mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security/keys
History
Christian Göttsche 9121d71c01 security: keys: perform capable check only on privileged operations 
[ Upstream commit 2d7f105edb ]

If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-09-23 10:46:53 +02:00
..
encrypted-keys KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
Kconfig security/keys: BIG_KEY requires CONFIG_CRYPTO 2017-10-18 09:12:40 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
big_key.c KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
compat.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
compat_dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
dh.c Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" 2018-09-29 03:06:04 -07:00
gc.c KEYS: Fix race between updating and finding a negative key 2017-10-18 09:12:40 +01:00
internal.h mm: add kvfree_sensitive() for freeing sensitive data objects 2020-06-20 10:24:59 +02:00
key.c certs: Fix blacklist flag type confusion 2021-03-03 18:22:46 +01:00
keyctl.c security: keys: perform capable check only on privileged operations 2023-09-23 10:46:53 +02:00
keyring.c KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
permission.c KEYS: load key flags and expiry time atomically in key_validate() 2017-10-18 09:12:41 +01:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c KEYS: always initialize keyring_index_key::desc_len 2019-02-27 10:08:07 +01:00
process_keys.c keys: Fix dependency loop between construction record and auth key 2019-03-23 14:35:14 +01:00
request_key.c keys: Fix dependency loop between construction record and auth key 2019-03-23 14:35:14 +01:00
request_key_auth.c KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
sysctl.c
trusted.c KEYS: trusted: Fix migratable=1 failing 2021-03-03 18:22:52 +01:00
trusted.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
user_defined.c KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00