KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set
KEY_FLAG_KEEP should only be applied to a key if the keyring it is being
linked into has KEY_FLAG_KEEP set.
To this end, partially revert the following patch:
commit 1d6d167c2e
Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Thu Jan 7 07:46:36 2016 -0500
KEYS: refcount bug fix
to undo the change that made it unconditional (Mimi got it right the first
time).
Without undoing this change, it becomes impossible to delete, revoke or
invalidate keys added to keyrings through __key_instantiate_and_link()
where the keyring has itself been linked to. To test this, run the
following command sequence:
keyctl newring foo @s
keyctl add user a a %:foo
keyctl unlink %user:a %:foo
keyctl clear %:foo
With the commit mentioned above the third and fourth commands fail with
EPERM when they should succeed.
Reported-by: Stephen Gallager <sgallagh@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: keyrings@vger.kernel.org
cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
Родитель
03c21cb775
Коммит
eee045021f
|
@ -430,7 +430,8 @@ static int __key_instantiate_and_link(struct key *key,
|
|||
|
||||
/* and link it into the destination keyring */
|
||||
if (keyring) {
|
||||
set_bit(KEY_FLAG_KEEP, &key->flags);
|
||||
if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
|
||||
set_bit(KEY_FLAG_KEEP, &key->flags);
|
||||
|
||||
__key_link(key, _edit);
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче