From 74fd92c511bd4a0771ac0faaaef38bb1be3a29f6 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 7 Oct 2005 15:01:09 +0100 Subject: [PATCH] key: plug request_key_auth memleak Plug request_key_auth memleak. This can be triggered by unprivileged users, so is local DoS. Signed-off-by: Chris Wright Signed-Off-By: David Howells Signed-off-by: Linus Torvalds --- security/keys/request_key_auth.c | 1 + 1 file changed, 1 insertion(+) (limited to 'security/keys') diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 1ecd3d3fa9f8..f80a501e27f1 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -96,6 +96,7 @@ static void request_key_auth_destroy(struct key *key) kenter("{%d}", key->serial); key_put(rka->target_key); + kfree(rka); } /* end request_key_auth_destroy() */ -- cgit v1.2.3 From f1a9badcf6ecad9975240d94514721cb93932151 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 7 Oct 2005 15:04:52 +0100 Subject: [PATCH] Keys: Add request-key process documentation The attached patch adds documentation for the process by which request-key works, including how it permits helper processes to gain access to the requestor's keyrings. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds --- security/keys/request_key.c | 2 ++ security/keys/request_key_auth.c | 2 ++ 2 files changed, 4 insertions(+) (limited to 'security/keys') diff --git a/security/keys/request_key.c b/security/keys/request_key.c index e6dd366d43a3..5cc4bba70db6 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -7,6 +7,8 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * + * See Documentation/keys-request-key.txt */ #include diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index f80a501e27f1..a8e4069d48cb 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -7,6 +7,8 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * + * See Documentation/keys-request-key.txt */ #include -- cgit v1.2.3 From 468ed2b0c85ec4310b429e60358213b6d077289e Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 7 Oct 2005 15:07:38 +0100 Subject: [PATCH] Keys: Split key permissions checking into a .c file The attached patch splits key permissions checking out of key-ui.h and moves it into a .c file. It's quite large and called quite a lot, and it's about to get bigger with the addition of LSM support for keys... key_any_permission() is also discarded as it's no longer used. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds --- security/keys/Makefile | 1 + security/keys/permission.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 security/keys/permission.c (limited to 'security/keys') diff --git a/security/keys/Makefile b/security/keys/Makefile index c392d750b208..5145adfb6a05 100644 --- a/security/keys/Makefile +++ b/security/keys/Makefile @@ -6,6 +6,7 @@ obj-y := \ key.o \ keyring.o \ keyctl.o \ + permission.o \ process_keys.o \ request_key.o \ request_key_auth.o \ diff --git a/security/keys/permission.c b/security/keys/permission.c new file mode 100644 index 000000000000..1c3651670ce9 --- /dev/null +++ b/security/keys/permission.c @@ -0,0 +1,70 @@ +/* permission.c: key permission determination + * + * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#include +#include "internal.h" + +/*****************************************************************************/ +/* + * check to see whether permission is granted to use a key in the desired way, + * but permit the security modules to override + */ +int key_task_permission(const key_ref_t key_ref, + struct task_struct *context, + key_perm_t perm) +{ + struct key *key; + key_perm_t kperm; + int ret; + + key = key_ref_to_ptr(key_ref); + + /* use the top 8-bits of permissions for keys the caller possesses */ + if (is_key_possessed(key_ref)) { + kperm = key->perm >> 24; + goto use_these_perms; + } + + /* use the second 8-bits of permissions for keys the caller owns */ + if (key->uid == context->fsuid) { + kperm = key->perm >> 16; + goto use_these_perms; + } + + /* use the third 8-bits of permissions for keys the caller has a group + * membership in common with */ + if (key->gid != -1 && key->perm & KEY_GRP_ALL) { + if (key->gid == context->fsgid) { + kperm = key->perm >> 8; + goto use_these_perms; + } + + task_lock(context); + ret = groups_search(context->group_info, key->gid); + task_unlock(context); + + if (ret) { + kperm = key->perm >> 8; + goto use_these_perms; + } + } + + /* otherwise use the least-significant 8-bits */ + kperm = key->perm; + +use_these_perms: + kperm = kperm & perm & KEY_ALL; + + return kperm == perm; + +} /* end key_task_permission() */ + +EXPORT_SYMBOL(key_task_permission); -- cgit v1.2.3 From 7ab501db8cb6659efdf04034e0de6b44c059a51b Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 7 Oct 2005 16:41:24 +0100 Subject: [PATCH] Keys: Possessor permissions should be additive This patch makes the possessor permissions on a key additive with user/group/other permissions on the same key. This permits extra rights to be granted to the possessor of a key without taking away any rights conferred by them owning the key or having common group membership. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds --- security/keys/permission.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'security/keys') diff --git a/security/keys/permission.c b/security/keys/permission.c index 1c3651670ce9..03db073ba45c 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -27,12 +27,6 @@ int key_task_permission(const key_ref_t key_ref, key = key_ref_to_ptr(key_ref); - /* use the top 8-bits of permissions for keys the caller possesses */ - if (is_key_possessed(key_ref)) { - kperm = key->perm >> 24; - goto use_these_perms; - } - /* use the second 8-bits of permissions for keys the caller owns */ if (key->uid == context->fsuid) { kperm = key->perm >> 16; @@ -61,6 +55,12 @@ int key_task_permission(const key_ref_t key_ref, kperm = key->perm; use_these_perms: + /* use the top 8-bits of permissions for keys the caller possesses + * - possessor permissions are additive with other permissions + */ + if (is_key_possessed(key_ref)) + kperm |= key->perm >> 24; + kperm = kperm & perm & KEY_ALL; return kperm == perm; -- cgit v1.2.3