korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-26 05:34:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

KEYS: Make the system 'trusted' keyring viewable by userspace

Browse Source 
Give the root user the ability to read the system keyring and put read
permission on the trusted keys added during boot.  The latter is actually more
theoretical than real for the moment as asymmetric keys do not currently
provide a read operation.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
Mimi Zohar 2013-08-20 14:36:26 -04:00 committed by David Howells
parent cd0421dcd0
commit af34cb0c3d
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
kernel/system_keyring.c
View File

@ -35,7 +35,7 @@ static __init int system_trusted_keyring_init(void)
keyring_alloc(".system_keyring",
KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ),
KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (IS_ERR(system_trusted_keyring))
panic("Can't allocate system trusted keyring\n");
@ -81,8 +81,8 @@ static __init int load_system_certificate_list(void)
NULL,
p,
plen,
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW,
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ),
KEY_ALLOC_NOT_IN_QUOTA |
KEY_ALLOC_TRUSTED);
if (IS_ERR(key)) {