git.baikalelectronics.ru Git - kernel.git/commit

author	David Howells <dhowells@redhat.com>
	Wed, 27 Jan 2016 01:02:03 +0000 (01:02 +0000)
committer	James Morris <james.l.morris@oracle.com>
	Wed, 27 Jan 2016 23:48:40 +0000 (10:48 +1100)
commit	4f1bb1b3c301d6e27ace0a4017f94fdc935707aa
tree	9175a14f9b0ee8423aa3f9b51cac21bf444dbeda	tree \| snapshot
parent	1281c5d915fde63d59493cdd68b6bd714342dde3	commit \| diff

KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set

KEY_FLAG_KEEP should only be applied to a key if the keyring it is being
linked into has KEY_FLAG_KEEP set.

To this end, partially revert the following patch:

commit 3dae99eac6f9a1a55593cb941fed9188e5dbbd5c
Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date:   Thu Jan 7 07:46:36 2016 -0500
KEYS: refcount bug fix

to undo the change that made it unconditional (Mimi got it right the first
time).

Without undoing this change, it becomes impossible to delete, revoke or
invalidate keys added to keyrings through __key_instantiate_and_link()
where the keyring has itself been linked to.  To test this, run the
following command sequence:

    keyctl newring foo @s
    keyctl add user a a %:foo
    keyctl unlink %user:a %:foo
    keyctl clear %:foo

With the commit mentioned above the third and fourth commands fail with
EPERM when they should succeed.

Reported-by: Stephen Gallager <sgallagh@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: keyrings@vger.kernel.org
cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>