[PATCH] Keys: Possessor permissions should be additive

This patch makes the possessor permissions on a key additive with
user/group/other permissions on the same key.

This permits extra rights to be granted to the possessor of a key without
taking away any rights conferred by them owning the key or having common group
membership.

Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by David Howells and committed by Linus Torvalds 7ab501db 468ed2b0

+6 -6
security/keys/permission.c
··· 27 27 28 28 key = key_ref_to_ptr(key_ref); 29 29 30 - /* use the top 8-bits of permissions for keys the caller possesses */ 31 - if (is_key_possessed(key_ref)) { 32 - kperm = key->perm >> 24; 33 - goto use_these_perms; 34 - } 35 - 36 30 /* use the second 8-bits of permissions for keys the caller owns */ 37 31 if (key->uid == context->fsuid) { 38 32 kperm = key->perm >> 16; ··· 55 61 kperm = key->perm; 56 62 57 63 use_these_perms: 64 + /* use the top 8-bits of permissions for keys the caller possesses 65 + * - possessor permissions are additive with other permissions 66 + */ 67 + if (is_key_possessed(key_ref)) 68 + kperm |= key->perm >> 24; 69 + 58 70 kperm = kperm & perm & KEY_ALL; 59 71 60 72 return kperm == perm;
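Review bot: Removing the early `if (is_key_possessed(key_ref)) { kperm = key->perm >> 24; goto use_these_perms; }` block ahead of the `key->uid == context->fsuid` check changes the outcome for keys that already exist, not only for newly created ones. A possessor who also matches the uid check used to be limited to the top 8 bits of `key->perm`; with the early exit gone they fall through to the owner bits and then have the possessor bits ORed in. A key whose possessor byte was deliberately set narrower than its owner byte therefore loses that restriction. The commit message only mentions granting extra rights, so it would help to state there, or in the key permission documentation, that the possessor byte can no longer be used to narrow access.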
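Review bot: The `use_these_perms:` label is now misleading, because the first statement after it, `kperm |= key->perm >> 24;`, modifies the permissions that the jump was supposed to have settled. Anyone adding a new `goto use_these_perms` later could reasonably assume the selected byte is used unchanged. Suggest renaming the label to reflect that the possessor bits are merged at this point, and keeping the new comment's "additive" wording next to it. The final `kperm & perm & KEY_ALL` mask is unchanged, so the OR cannot grant anything outside `KEY_ALL`, which is the right place for that guard.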