summaryrefslogtreecommitdiff
path: root/Documentation/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2019-06-19 18:10:15 +0300
committerDavid Howells <dhowells@redhat.com>2019-06-19 18:10:15 +0300
commit504b69eb3c95180bc59f1ae9096ad4b10bbbf254 (patch)
treef5d752709a378e608c13e3c517fa57fc49ad2fe9 /Documentation/security
parent45e0f30c30bb131663fbe1752974d6f2e39611e2 (diff)
downloadlinux-504b69eb3c95180bc59f1ae9096ad4b10bbbf254.tar.xz
keys: Fix request_key() lack of Link perm check on found key
The request_key() syscall allows a process to gain access to the 'possessor' permits of any key that grants it Search permission by virtue of request_key() not checking whether a key it finds grants Link permission to the caller. Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r--Documentation/security/keys/core.rst4
1 files changed, 4 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index 823d29bf44f7..82dd457ff78d 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -433,6 +433,10 @@ The main syscalls are:
/sbin/request-key will be invoked in an attempt to obtain a key. The
callout_info string will be passed as an argument to the program.
+ To link a key into the destination keyring the key must grant link
+ permission on the key to the caller and the keyring must grant write
+ permission.
+
See also Documentation/security/keys/request-key.rst.