path: root/ipc
author: Eric Biggers <ebiggers@google.com> 2017-09-18 11:38:29 -0700
committer: David Howells <dhowells@redhat.com> 2017-09-25 15:19:57 +0100
commit: 4aa68e07d845562561f5e73c04aa521376e95252 (patch)
tree: d8ca3fbc77070caa26fd327fd5d7e21a322add34 /ipc
parent: KEYS: reset parent each time before searching key_user_tree (diff)
KEYS: restrict /proc/keys by credentials at open time

When checking for permission to view keys whilst reading from /proc/keys, we should use the credentials with which the /proc/keys file was opened. This is because, in a classic type of exploit, it can be possible to bypass checks for the *current* credentials by passing the file descriptor to a suid program.

Following commit 34dbbcdbf633 ("Make file credentials available to the seqfile interfaces") we can finally fix it. So let's do it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>

Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions
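
The difference between checking the reader's credentials and checking the opener's credentials, as an added userspace model that is not the kernel code from this commit. The types, the toy view policy and the sample keys are all constructed for illustration; only the idea of credentials captured at open time comes from the commit message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace model; every type and name here is hypothetical. */
struct cred { unsigned uid; };
struct key { unsigned owner_uid; const char *desc; };
struct open_file { const struct cred *f_cred; }; /* creds captured at open */

/* Constructed sample keys: one owned by uid 0, one by uid 1000. */
static const struct key keys[] = {
    { 0, "root-secret" },
    { 1000, "user-session" },
};

/* Toy view policy (an assumption): the owner may view, uid 0 may view all. */
static bool may_view(const struct cred *c, const struct key *k)
{
    return c->uid == 0 || c->uid == k->owner_uid;
}

static size_t count_visible(const struct cred *c)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(keys) / sizeof(keys[0]); i++)
        if (may_view(c, &keys[i]))
            n++;
    return n;
}

/* Before: the check follows whichever process happens to call read(). */
static size_t visible_using_current(const struct open_file *f, const struct cred *current)
{
    (void)f;
    return count_visible(current);
}

/* After: the check follows the credentials that opened the file. */
static size_t visible_using_opener(const struct open_file *f, const struct cred *current)
{
    (void)current;
    return count_visible(f->f_cred);
}

int main(void)
{
    struct cred user = { 1000 }, privileged = { 0 };
    struct open_file f = { &user }; /* opened by uid 1000, read by uid 0 */
    printf("current-cred check: %zu keys\n", visible_using_current(&f, &privileged));
    printf("open-time check:    %zu keys\n", visible_using_opener(&f, &privileged));
    return 0;
}
```

With the open-time check, the set of visible keys is fixed by who opened the file, so handing the descriptor to a more privileged reader no longer widens it.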