mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-30 06:10:56 +00:00
Code Issues Releases Wiki Activity
linux-stable/security/keys
History
Christian Göttsche 9121d71c01 security: keys: perform capable check only on privileged operations 
[ Upstream commit 2d7f105edb ]

If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-23 10:46:53 +02:00
..
encrypted-keys KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
big_key.c KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
compat.c
compat_dh.c
dh.c
gc.c
internal.h mm: add kvfree_sensitive() for freeing sensitive data objects 2020-06-20 10:24:59 +02:00
Kconfig
key.c certs: Fix blacklist flag type confusion 2021-03-03 18:22:46 +01:00
keyctl.c security: keys: perform capable check only on privileged operations 2023-09-23 10:46:53 +02:00
keyring.c KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
Makefile
permission.c
persistent.c
proc.c
process_keys.c
request_key.c
request_key_auth.c KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
sysctl.c
trusted.c KEYS: trusted: Fix migratable=1 failing 2021-03-03 18:22:52 +01:00
trusted.h
user_defined.c KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00