[PATCH 3/4] keys: skip keys from another user namespace

From: Serge E. Hallyn
Date: Fri Jan 09 2009 - 17:53:23 EST



When listing keys, do not return keys belonging to the
same uid in another user namespace. Otherwise uid 500
in another user namespace will return keyrings called
uid.500 for another user namespace.

Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
---
security/keys/keyring.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index ed85157..3dba81c 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -539,6 +539,9 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
&keyring_name_hash[bucket],
type_data.link
) {
+ if (keyring->user->user_ns != current_user_ns())
+ continue;
+
if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
continue;

--
1.5.4.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/