Michael LeMay e51f6d3437 [PATCH] keys: allocate key serial numbers randomly ... Cause key_alloc_serial() to generate key serial numbers randomly rather than in linear sequence. Using an linear sequence permits a covert communication channel to be established, in which one process can communicate with another by creating or not creating new keys within a certain timeframe. The second process can probe for the expected next key serial number and judge its existence by the error returned. This is a problem as the serial number namespace is globally shared between all tasks, regardless of their context. For more information on this topic, this old TCSEC guide is recommended: http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-030.html Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>		2006-06-26 09:58:18 -07:00
..
keys	[PATCH] keys: allocate key serial numbers randomly	2006-06-26 09:58:18 -07:00
selinux	[PATCH] keys: sort out key quota system	2006-06-26 09:58:18 -07:00
capability.c	kbuild: un-stringnify KBUILD_MODNAME	2006-01-06 21:17:50 +01:00
commoncap.c	[PATCH] make cap_ptrace enforce PTRACE_TRACME checks	2006-03-25 08:22:56 -08:00
dummy.c	[PATCH] keys: sort out key quota system	2006-06-26 09:58:18 -07:00
inode.c	Merge branch 'master' of /home/trondmy/kernel/linux-2.6/	2006-06-24 13:07:53 -04:00
Kconfig	[LSM-IPSec]: Security association restriction.	2006-01-03 13:10:24 -08:00
Makefile	[PATCH] add securityfs for all LSMs to use	2005-07-08 18:48:41 -07:00
root_plug.c	Linux-2.6.12-rc2	2005-04-16 15:20:36 -07:00
seclvl.c	[PATCH] Bug fixes and cleanup for the BSD Secure Levels LSM	2006-03-23 07:38:03 -08:00
security.c	[PATCH] refactor capable() to one implementation, add __capable() helper	2006-03-25 08:22:56 -08:00