<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/git/stable/linux.git/security/keys, branch linux-2.6.15.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<id>https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-2.6.15.y</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-2.6.15.y'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/'/>
<updated>2006-02-10T07:20:11+00:00</updated>
<entry>
<title>[PATCH] Fix keyctl usage of strnlen_user()</title>
<updated>2006-02-10T07:20:11+00:00</updated>
<author>
<name>Davi Arnaut</name>
<email>davi.arnaut@gmail.com</email>
</author>
<published>2006-02-03T11:04:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=330d460744b92d00d5114079fcfc8e547d7ac143'/>
<id>urn:sha1:330d460744b92d00d5114079fcfc8e547d7ac143</id>
<content type='text'>
In the small window between strnlen_user() and copy_from_user() userspace
could alter the terminating `\0' character.

Signed-off-by: Davi Arnaut &lt;davi.arnaut@gmail.com&gt;
Cc: David Howells &lt;dhowells@redhat.com&gt;
Cc: &lt;stable@kernel.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Chris Wright &lt;chrisw@sous-sol.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>[PATCH] Keys: Fix permissions check for update vs add</title>
<updated>2005-12-01T23:48:56+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2005-12-01T08:51:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=db1d1d57e97700b4131fe80556dc6ef976d534c4'/>
<id>urn:sha1:db1d1d57e97700b4131fe80556dc6ef976d534c4</id>
<content type='text'>
Permit add_key() to once again update a matching key rather than adding a
new one if a matching key already exists in the target keyring.

This bug causes add_key() to always add a new key, displacing the old from
the target keyring.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] kfree cleanup: security</title>
<updated>2005-11-07T15:54:06+00:00</updated>
<author>
<name>Jesper Juhl</name>
<email>jesper.juhl@gmail.com</email>
</author>
<published>2005-11-07T09:01:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a7f988ba304c5f6e78f937a06d120a0097b4d351'/>
<id>urn:sha1:a7f988ba304c5f6e78f937a06d120a0097b4d351</id>
<content type='text'>
This is the security/ part of the big kfree cleanup patch.

Remove pointless checks for NULL prior to calling kfree() in security/.

Signed-off-by: Jesper Juhl &lt;jesper.juhl@gmail.com&gt;
Acked-by: James Morris &lt;jmorris@namei.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] Keys: Remove incorrect and obsolete '!' operators</title>
<updated>2005-11-07T15:53:37+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2005-11-07T08:59:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0f6ed7c2641fe4cea83cd09c21928ca30c0983ec'/>
<id>urn:sha1:0f6ed7c2641fe4cea83cd09c21928ca30c0983ec</id>
<content type='text'>
The attached patch removes a couple of incorrect and obsolete '!' operators
left over from the conversion of the key permission functions from
true/false returns to zero/error returns.

Signed-Off-By: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] Keys: Add LSM hooks for key management [try #3]</title>
<updated>2005-10-31T01:37:23+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2005-10-30T23:02:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=29db9190634067c5a328ee5fcc2890251b836b4b'/>
<id>urn:sha1:29db9190634067c5a328ee5fcc2890251b836b4b</id>
<content type='text'>
The attached patch adds LSM hooks for key management facilities. The notable
changes are:

 (1) The key struct now supports a security pointer for the use of security
     modules. This will permit key labelling and restrictions on which
     programs may access a key.

 (2) Security modules get a chance to note (or abort) the allocation of a key.

 (3) The key permission checking can now be enhanced by the security modules;
     the permissions check consults LSM if all other checks bear out.

 (4) The key permissions checking functions now return an error code rather
     than a boolean value.

 (5) An extra permission has been added to govern the modification of
     attributes (UID, GID, permissions).

Note that there isn't an LSM hook specifically for each keyctl() operation,
but rather the permissions hook allows control of individual operations based
on the permission request bits.

Key management access control through LSM is enabled by automatically if both
CONFIG_KEYS and CONFIG_SECURITY are enabled.

This should be applied on top of the patch ensubjected:

	[PATCH] Keys: Possessor permissions should be additive

Signed-Off-By: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] Keys: Export user-defined keyring operations</title>
<updated>2005-10-31T01:37:22+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2005-10-30T23:02:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2aa349f6e37ce030060c994d3aebbff4ab703565'/>
<id>urn:sha1:2aa349f6e37ce030060c994d3aebbff4ab703565</id>
<content type='text'>
Export user-defined key operations so that those who wish to define their
own key type based on the user-defined key operations may do so (as has
been requested).

The header file created has been placed into include/keys/user-type.h, thus
creating a directory where other key types may also be placed.  Any
objections to doing this?

Signed-Off-By: David Howells &lt;dhowells@redhat.com&gt;
Signed-Off-By: Arjan van de Ven &lt;arjan@infradead.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] Keys: Possessor permissions should be additive</title>
<updated>2005-10-08T21:54:48+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2005-10-07T15:41:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7ab501db8cb6659efdf04034e0de6b44c059a51b'/>
<id>urn:sha1:7ab501db8cb6659efdf04034e0de6b44c059a51b</id>
<content type='text'>
This patch makes the possessor permissions on a key additive with
user/group/other permissions on the same key.

This permits extra rights to be granted to the possessor of a key without
taking away any rights conferred by them owning the key or having common group
membership.

Signed-Off-By: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] Keys: Split key permissions checking into a .c file</title>
<updated>2005-10-08T21:53:31+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2005-10-07T14:07:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=468ed2b0c85ec4310b429e60358213b6d077289e'/>
<id>urn:sha1:468ed2b0c85ec4310b429e60358213b6d077289e</id>
<content type='text'>
The attached patch splits key permissions checking out of key-ui.h and
moves it into a .c file.  It's quite large and called quite a lot, and
it's about to get bigger with the addition of LSM support for keys...

key_any_permission() is also discarded as it's no longer used.

Signed-Off-By: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] Keys: Add request-key process documentation</title>
<updated>2005-10-08T21:53:31+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2005-10-07T14:04:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f1a9badcf6ecad9975240d94514721cb93932151'/>
<id>urn:sha1:f1a9badcf6ecad9975240d94514721cb93932151</id>
<content type='text'>
The attached patch adds documentation for the process by which request-key
works, including how it permits helper processes to gain access to the
requestor's keyrings.

Signed-Off-By: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] key: plug request_key_auth memleak</title>
<updated>2005-10-08T21:53:31+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2005-10-07T14:01:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=74fd92c511bd4a0771ac0faaaef38bb1be3a29f6'/>
<id>urn:sha1:74fd92c511bd4a0771ac0faaaef38bb1be3a29f6</id>
<content type='text'>
Plug request_key_auth memleak.  This can be triggered by unprivileged
users, so is local DoS.

Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-Off-By: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
</feed>
