Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management

From: David Howells
Date: Thu Oct 06 2005 - 10:18:43 EST


James Morris <jmorris@xxxxxxxxx> wrote:

> > > Access checks seem to be usually done before this point via
> > > lookup_user_key(), which is ideal.
> >
> > Eh? lookup_user_key()? That's not necessarily called before, not if you're
> > creating a key.
>
> I thought this was generally called before key operations.
>
> For example, sys_add_key() calls it with KEY_WRITE against the destination
> keyring.

Yes, but not in regard to the new key, which is what I thought you were
implying.

Besides, it's logically two operations: create key and link key to
keyring. The reason they have to be combined is that the key would be
immediately destroyed if it wasn't attached to a keyring.

The permissions check done on the keyring merely assures that the keyring can
be modified, not that a new key may or may not actually be created.

Maybe we're talking at cross-purposes here.

> > > I don't think SELinux would care about this yet. If so, the hook can be
> > > added later.
> >
> > Auditing?
>
> SELinux does not audit object creation, it will sometimes use a _post hook
> to update its internal state or perform the access control check for
> creating the object.

I meant the auditing service. Doesn't that use the security module hooks?

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/