Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
From: David Howells
Date: Thu Oct 06 2005 - 10:18:43 EST
James Morris <jmorris@xxxxxxxxx> wrote:
> > > Access checks seem to be usually done before this point via
> > > lookup_user_key(), which is ideal.
> >
> > Eh? lookup_user_key()? That's not necessarily called before, not if you're
> > creating a key.
>
> I thought this was generally called before key operations.
>
> For example, sys_add_key() calls it with KEY_WRITE against the destination
> keyring.
Yes, but not in regard to the new key, which is what I thought you were
implying.
Besides, it's logically two operations: create key and link key to
keyring. The reason they have to be combined is that the key would be
immediately destroyed if it wasn't attached to a keyring.
The permissions check done on the keyring merely assures that the keyring can
be modified, not that a new key may or may not actually be created.
Maybe we're talking at cross-purposes here.
> > > I don't think SELinux would care about this yet. If so, the hook can be
> > > added later.
> >
> > Auditing?
>
> SELinux does not audit object creation; it will sometimes use a _post hook
> to update its internal state or perform the access control check for
> creating the object.
I meant the auditing service. Doesn't that use the security module hooks?
David
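The two operations separated above (create the key, then link it into a keyring, with the keyring's KEY_WRITE check covering only the second) sketched as an added C model. This is constructed for this note and is neither kernel code nor part of the thread: every model_* name, the permission bits, the hook signature and the sample hook are stand-ins invented for the illustration. The hook is placed where a per-key check would sit, so a key the hook refuses is freed before it is ever linked, and a keyring the caller cannot write to rejects the request before any key exists.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Permission bits on a key or keyring (model constants, not the kernel's). */
#define MODEL_KEY_VIEW  0x01u
#define MODEL_KEY_WRITE 0x04u
#define MODEL_MAX_LINKS 8

struct model_key {
    char type[16];
    char desc[32];
    unsigned perm;                            /* bits on this object */
    int refs;                                 /* freed when it drops to 0 */
    struct model_key *links[MODEL_MAX_LINKS]; /* members, if a keyring */
    int nlinks;
};

/* Live key objects; lets a caller confirm a rejected key was really freed. */
static int model_live_keys = 0;

/* LSM-style hook consulted on the newly created key itself; 0 allows. */
typedef int (*model_key_alloc_hook_t)(const struct model_key *key);
static model_key_alloc_hook_t model_security_key_alloc = NULL;

static void model_key_put(struct model_key *key)
{
    if (key && --key->refs == 0) {
        free(key);
        model_live_keys--;
    }
}

/* Stand-in for lookup_user_key(keyring, KEY_WRITE): checks the keyring only. */
static int model_check_keyring(const struct model_key *keyring, unsigned need)
{
    return (keyring->perm & need) == need ? 0 : -EACCES;
}

/* Operation 1: create the key. The hook sees the new object, not the keyring. */
static int model_key_alloc(const char *type, const char *desc, unsigned perm,
                           struct model_key **out)
{
    struct model_key *key = calloc(1, sizeof *key);
    if (!key)
        return -ENOMEM;
    snprintf(key->type, sizeof key->type, "%s", type);
    snprintf(key->desc, sizeof key->desc, "%s", desc);
    key->perm = perm;
    key->refs = 1;
    model_live_keys++;
    if (model_security_key_alloc) {
        int err = model_security_key_alloc(key);
        if (err) {
            model_key_put(key); /* never linked, so it is destroyed here */
            return err;
        }
    }
    *out = key;
    return 0;
}

/* Operation 2: link the key into the keyring; the link holds a reference. */
static int model_key_link(struct model_key *keyring, struct model_key *key)
{
    if (keyring->nlinks >= MODEL_MAX_LINKS)
        return -ENFILE;
    keyring->links[keyring->nlinks++] = key;
    key->refs++;
    return 0;
}

/* Model of sys_add_key(): keyring write check, then create, then link. */
static int model_add_key(const char *type, const char *desc,
                         struct model_key *keyring)
{
    struct model_key *key;
    int err = model_check_keyring(keyring, MODEL_KEY_WRITE);
    if (err)
        return err;
    err = model_key_alloc(type, desc, MODEL_KEY_VIEW, &key);
    if (err)
        return err;
    err = model_key_link(keyring, key);
    model_key_put(key); /* drop the creator's ref: an unlinked key dies now */
    return err;
}

/* Sample hook (invented): refuse to create keys of type "user". */
static int model_hook_deny_user(const struct model_key *key)
{
    return strcmp(key->type, "user") == 0 ? -EPERM : 0;
}

static struct model_key *model_keyring_new(unsigned perm)
{
    struct model_key *kr = calloc(1, sizeof *kr);
    if (!kr)
        return NULL;
    snprintf(kr->type, sizeof kr->type, "%s", "keyring");
    kr->perm = perm;
    kr->refs = 1;
    model_live_keys++;
    return kr;
}
```

The order of the checks is the point: a keyring the caller cannot write to fails with EACCES before any key is allocated, while a writable keyring plus a hook that refuses the key fails with EPERM after allocation and leaves no live object behind, because the only reference was the creator's.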
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/