Re: [Keyrings] Re: [PATCH] Keys: Add possessor permissions to keys

[Kyle Moffett]

On Sep 21, 2005, at 14:29:54, David Howells wrote:
> (3) Key handles (which I've been asked for before).
>
> This involves detaching the permissions and suchlike from the key  
> into a "handle" which can then be cloned. A temporary handle could  
> then be used to hold the possession attribute and the other  
> permissions at the time of the access.
>
> The downside of this is that it's quite a big change. It also makes  
> joining session keyrings way more "interesting". It does have some  
> nice features though.

Are there any plans to implement this functionality in the near  
future?  It would complement the existing security model nicely by  
allowing a process to clone its key handle either explicitly (with  a  
keyctl call) or implicitly (by passing it over a file handle to  
another process), and then later revoke the cloned handle and all  
handles cloned from it with a single call, much as one can SIGKILL an  
entire process group with a single kill().  It seems that a key  
handle would be little more than a special sort of file handle  
attached to a key.  I'm curious what issues you've found with joining  
session keyrings.  I haven't thought about that part specifically,  
but it seems that perhaps there should be a set of "default"  
permissions and attributes that are associated with a new lookup-by- 
key-id handle.


Cheers,
Kyle Moffett

--
There are two ways of constructing a software design. One way is to  
make it so simple that there are obviously no deficiencies. And the  
other way is to make it so complicated that there are no obvious  
deficiencies.  The first method is far more difficult.
  -- C.A.R. Hoare


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/