summaryrefslogtreecommitdiff
path: root/security/keys
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2014-09-16 17:29:03 +0100
committerDavid Howells <dhowells@redhat.com>2014-09-16 17:29:03 +0100
commit54e2c2c1a9d6cbb270b0999a38545fa9a69bee43 (patch)
treefd9b5bf4f7b3e35bf785f7f2762bcfdb1e507028 /security/keys
parent478d085524c57cf4283699f529d5a4c22188ea69 (diff)
downloadlwn-54e2c2c1a9d6cbb270b0999a38545fa9a69bee43.tar.gz
lwn-54e2c2c1a9d6cbb270b0999a38545fa9a69bee43.zip
KEYS: Reinstate EPERM for a key type name beginning with a '.'
Reinstate the generation of EPERM for a key type name beginning with a '.' in a userspace call. Types whose name begins with a '.' are internal only. The test was removed by: commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d Author: Mimi Zohar <zohar@linux.vnet.ibm.com> Date: Thu May 22 14:02:23 2014 -0400 Subject: KEYS: special dot prefixed keyring name bug fix I think we want to keep the restriction on type name so that userspace can't add keys of a special internal type. Note that removal of the test causes several of the tests in the keyutils testsuite to fail. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/keyctl.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e26f860e5f2e..eff88a5f5d40 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type,
return ret;
if (ret == 0 || ret >= len)
return -EINVAL;
+ if (type[0] == '.')
+ return -EPERM;
type[len - 1] = '\0';
return 0;
}