1 files changed, 7 insertions, 2 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 52c34532c785..ab082a2e8fdd 100644
@@ -273,7 +273,8 @@ error:
* Create and join an anonymous session keyring or join a named session
* keyring, creating it if necessary. A named session keyring must have Search
* permission for it to be joined. Session keyrings without this permit will
- * be skipped over.
+ * be skipped over. It is not permitted for userspace to create or join
+ * keyrings whose name begin with a dot.
* If successful, the ID of the joined session keyring will be returned.
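Review bot: The new sentence in the header comment has a number-agreement slip ("whose name begin") and does not say what the caller gets back when a dot-prefixed name is refused. Going by the `ret = -EPERM` assignment in the next hunk, I would word it as `* be skipped over.  Userspace may not create or join keyrings whose names` / `* begin with a dot; such a request fails with -EPERM.` The comment block starts and ends outside this hunk, so check that the rest of it, including any list of error returns, still agrees with the new restriction.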
@@ -290,12 +291,16 @@ long keyctl_join_session_keyring(const char __user *_name)
ret = PTR_ERR(name);
+ ret = -EPERM;
+ if (name == '.')
+ goto error_name;
/* join the session */
ret = join_session_keyring(name);
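Review bot: As shown, the added test `if (name == '.')` compares the pointer to the copied name with the character constant, not with the first byte of the string. It can never match a real allocation, so a dot-prefixed name would still reach `join_session_keyring()` and the restriction described in the comment would not be enforced. The check should read `if (name[0] == '.')`; the `[0]` may simply have been lost when the page was rendered, so verify it against the tree. It is also worth confirming that the test sits inside the branch where `name` is non-NULL, and that the `error_name` label it jumps to frees `name`. Neither the label nor the enclosing braces are visible here, and the function body continues outside the hunk.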