[PATCH] keys: allocate key serial numbers randomly - linux-dev - Linux kernel development work

diff options

author	Michael LeMay <mdlemay@epoch.ncsc.mil>	2006-06-26 00:24:54 -0700
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-06-26 09:58:18 -0700
commit	e51f6d343789a4f0a2a7587ad7ec7746969d5c1c (patch)
tree	39ca4e05c0dda995f3eaaea1aaa2c8689003f1d0 /security/keys/proc.c
parent	[PATCH] keys: let keyctl_chown() change a key's owner (diff)
download	linux-dev-e51f6d343789a4f0a2a7587ad7ec7746969d5c1c.tar.xz linux-dev-e51f6d343789a4f0a2a7587ad7ec7746969d5c1c.zip

[PATCH] keys: allocate key serial numbers randomly

Cause key_alloc_serial() to generate key serial numbers randomly rather than in linear sequence. Using an linear sequence permits a covert communication channel to be established, in which one process can communicate with another by creating or not creating new keys within a certain timeframe. The second process can probe for the expected next key serial number and judge its existence by the error returned. This is a problem as the serial number namespace is globally shared between all tasks, regardless of their context. For more information on this topic, this old TCSEC guide is recommended: http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-030.html Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: