KEYS: restrict /proc/keys by credentials at open time - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Eric Biggers <ebiggers@google.com>	2017-09-18 21:38:29 +0300
committer	David Howells <dhowells@redhat.com>	2017-09-25 17:19:57 +0300
commit	4aa68e07d845562561f5e73c04aa521376e95252 (patch)
tree	d8ca3fbc77070caa26fd327fd5d7e21a322add34 /tools/perf/scripts/python/export-to-postgresql.py
parent	8f674565d405a8c0b36ee531849df87f43e72ed5 (diff)
download	linux-4aa68e07d845562561f5e73c04aa521376e95252.tar.xz

KEYS: restrict /proc/keys by credentials at open time

When checking for permission to view keys whilst reading from /proc/keys, we should use the credentials with which the /proc/keys file was opened. This is because, in a classic type of exploit, it can be possible to bypass checks for the *current* credentials by passing the file descriptor to a suid program. Following commit 34dbbcdbf633 ("Make file credentials available to the seqfile interfaces") we can finally fix it. So let's do it. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com>

Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: