linux/security/keys
David Howells c3a9d6541f [Security] Keys: Fix oops when adding key to non-keyring
This fixes the problem of an oops occuring when a user attempts to add a
key to a non-keyring key [CVE-2006-1522].

The problem is that __keyring_search_one() doesn't check that the
keyring it's been given is actually a keyring.

I've fixed this problem by:

 (1) declaring that caller of __keyring_search_one() must guarantee that
     the keyring is a keyring; and

 (2) making key_create_or_update() check that the keyring is a keyring,
     and return -ENOTDIR if it isn't.

This can be tested by:

	keyctl add user b b `keyctl add user a a @s`

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-10 09:33:46 -07:00
..
Makefile [PATCH] Keys: Split key permissions checking into a .c file 2005-10-08 14:53:31 -07:00
compat.c [PATCH] keys: Permit running process to instantiate keys 2006-01-08 20:13:53 -08:00
internal.h [PATCH] keys: Permit running process to instantiate keys 2006-01-08 20:13:53 -08:00
key.c [Security] Keys: Fix oops when adding key to non-keyring 2006-04-10 09:33:46 -07:00
keyctl.c [PATCH] strndup_user: convert keyctl 2006-03-24 07:33:31 -08:00
keyring.c [Security] Keys: Fix oops when adding key to non-keyring 2006-04-10 09:33:46 -07:00
permission.c [PATCH] keys: Permit running process to instantiate keys 2006-01-08 20:13:53 -08:00
proc.c [PATCH] Keys: Add possessor permissions to keys [try #3] 2005-09-28 09:10:47 -07:00
process_keys.c [PATCH] sem2mutex: security/ 2006-03-22 07:54:06 -08:00
request_key.c [PATCH] keys: Permit running process to instantiate keys 2006-01-08 20:13:53 -08:00
request_key_auth.c [PATCH] keys: Permit running process to instantiate keys 2006-01-08 20:13:53 -08:00
user_defined.c [PATCH] Keys: Remove key duplication 2006-01-06 08:33:29 -08:00