d587946ff0
If request_key() is used to find a keyring, only do the search part - don't do the construction part if the keyring was not found by the search. We don't really want keyrings in the negative instantiated state since the rejected/negative instantiation error value in the payload is unioned with keyring metadata. Now the kernel gives an error: request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted) Signed-off-by: David Howells <dhowells@redhat.com> CVE-2015-7872 Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org> Change-Id: I3603fec8fab929d7636d7223901f16dc8d8026cc |
||
---|---|---|
.. | ||
encrypted-keys | ||
Kconfig | ||
Makefile | ||
compat.c | ||
gc.c | ||
internal.h | ||
key.c | ||
keyctl.c | ||
keyring.c | ||
permission.c | ||
proc.c | ||
process_keys.c | ||
request_key.c | ||
request_key_auth.c | ||
sysctl.c | ||
trusted.c | ||
trusted.h | ||
user_defined.c |