[PATCH 3/4] keys: skip keys from another user namespace

From: Serge E. Hallyn
Date: Thu Feb 26 2009 - 19:28:31 EST

Next message: Serge E. Hallyn: "[PATCH 4/4] keys: make procfiles per-user-namespace"
Previous message: Serge E. Hallyn: "[PATCH 2/4] keys: consider user namespace in key_permission"
In reply to: Serge E. Hallyn: "[PATCH 2/4] keys: consider user namespace in key_permission"
Next in thread: Serge E. Hallyn: "[PATCH 4/4] keys: make procfiles per-user-namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When listing keys, do not return keys belonging to the
same uid in another user namespace. Otherwise uid 500
in another user namespace will return keyrings called
uid.500 for another user namespace.

Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
Acked-by: David Howells <dhowells@xxxxxxxxxx>
---
security/keys/keyring.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index ed85157..3dba81c 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -539,6 +539,9 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
&keyring_name_hash[bucket],
type_data.link
) {
+ if (keyring->user->user_ns != current_user_ns())
+ continue;
+
if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
continue;

--
1.5.4.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Serge E. Hallyn: "[PATCH 4/4] keys: make procfiles per-user-namespace"
Previous message: Serge E. Hallyn: "[PATCH 2/4] keys: consider user namespace in key_permission"
In reply to: Serge E. Hallyn: "[PATCH 2/4] keys: consider user namespace in key_permission"
Next in thread: Serge E. Hallyn: "[PATCH 4/4] keys: make procfiles per-user-namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]