linux/security/keys
David Howells 4993e1f947 certs: Fix blacklist flag type confusion
KEY_FLAG_KEEP is not meant to be passed to keyring_alloc() or key_alloc(),
as these only take KEY_ALLOC_* flags.  KEY_FLAG_KEEP has the same value as
KEY_ALLOC_BYPASS_RESTRICTION, but fortunately only key_create_or_update()
uses it.  LSMs using the key_alloc hook don't check that flag.

KEY_FLAG_KEEP is then ignored but fortunately (again) the root user cannot
write to the blacklist keyring, so it is not possible to remove a key/hash
from it.

Fix this by adding a KEY_ALLOC_SET_KEEP flag that tells key_alloc() to set
KEY_FLAG_KEEP on the new key.  blacklist_init() can then, correctly, pass
this to keyring_alloc().

We can also use this in ima_mok_init() rather than setting the flag
manually.

Note that this doesn't fix an observable bug with the current
implementation but it is required to allow addition of new hashes to the
blacklist in the future without making it possible for them to be removed.

Fixes: 734114f878 ("KEYS: Add a system blacklist keyring")
Reported-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Mickaël Salaün <mic@linux.microsoft.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Woodhouse <dwmw2@infradead.org>
2021-01-21 16:16:10 +00:00
..
encrypted-keys crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
trusted-keys crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
big_key.c security/keys: use kvfree_sensitive() 2021-01-21 16:16:09 +00:00
compat_dh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
compat.c security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
dh.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
gc.c watch_queue: Add a key/keyring notification facility 2020-05-19 15:19:06 +01:00
internal.h security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
Kconfig watch_queue: Drop references to /dev/watch_queue 2021-01-21 16:16:08 +00:00
key.c certs: Fix blacklist flag type confusion 2021-01-21 16:16:10 +00:00
keyctl_pkey.c KEYS: remove redundant memset 2021-01-21 16:16:09 +00:00
keyctl.c security: keys: delete repeated words in comments 2021-01-21 16:16:09 +00:00
keyring.c security: keys: delete repeated words in comments 2021-01-21 16:16:09 +00:00
Makefile KEYS: remove CONFIG_KEYS_COMPAT 2019-12-12 23:41:17 +02:00
permission.c keys: Make the KEY_NEED_* perms an enum rather than a mask 2020-05-19 15:42:22 +01:00
persistent.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
proc.c keys: Fix proc_keys_next to increase position index 2020-04-16 10:10:50 -07:00
process_keys.c security: keys: Fix fall-through warnings for Clang 2021-01-21 16:16:08 +00:00
request_key_auth.c KEYS: Don't write out to userspace while holding key semaphore 2020-03-29 12:40:41 +01:00
request_key.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
sysctl.c proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
user_defined.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00