linux/security
David Howells eee045021f KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set
KEY_FLAG_KEEP should only be applied to a key if the keyring it is being
linked into has KEY_FLAG_KEEP set.

To this end, partially revert the following patch:

	commit 1d6d167c2e
	Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
	Date:   Thu Jan 7 07:46:36 2016 -0500
	KEYS: refcount bug fix

to undo the change that made it unconditional (Mimi got it right the first
time).

Without undoing this change, it becomes impossible to delete, revoke or
invalidate keys added to keyrings through __key_instantiate_and_link()
where the keyring has itself been linked to.  To test this, run the
following command sequence:

    keyctl newring foo @s
    keyctl add user a a %:foo
    keyctl unlink %user:a %:foo
    keyctl clear %:foo

With the commit mentioned above the third and fourth commands fail with
EPERM when they should succeed.

Reported-by: Stephen Gallager <sgallagh@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by:  Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: keyrings@vger.kernel.org
cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
2016-01-28 10:48:40 +11:00
..
apparmor apparmor: clarify CRYPTO dependency 2015-10-22 11:11:28 +11:00
integrity wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
keys KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set 2016-01-28 10:48:40 +11:00
selinux wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
smack security: let security modules use PTRACE_MODE_* with bitmasks 2016-01-20 17:09:18 -08:00
tomoyo convert a bunch of open-coded instances of memdup_user_nul() 2016-01-04 10:26:58 -05:00
yama security: let security modules use PTRACE_MODE_* with bitmasks 2016-01-20 17:09:18 -08:00
Kconfig Yama: remove needless CONFIG_SECURITY_YAMA_STACKED 2015-07-28 13:18:19 +10:00
Makefile LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
commoncap.c ptrace: use fsuid, fsgid, effective creds for fs access checks 2016-01-20 17:09:18 -08:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
lsm_audit.c Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2015-08-15 13:29:57 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c security: Add hook to invalidate inode security labels 2015-12-24 11:09:40 -05:00