diff options
author | David Howells <dhowells@redhat.com> | 2014-09-16 17:29:03 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-09-16 17:29:03 +0100 |
commit | 54e2c2c1a9d6cbb270b0999a38545fa9a69bee43 (patch) | |
tree | fd9b5bf4f7b3e35bf785f7f2762bcfdb1e507028 /security/keys | |
parent | 478d085524c57cf4283699f529d5a4c22188ea69 (diff) | |
download | lwn-54e2c2c1a9d6cbb270b0999a38545fa9a69bee43.tar.gz lwn-54e2c2c1a9d6cbb270b0999a38545fa9a69bee43.zip |
KEYS: Reinstate EPERM for a key type name beginning with a '.'
Reinstate the generation of EPERM for a key type name beginning with a '.' in
a userspace call. Types whose name begins with a '.' are internal only.
The test was removed by:
commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d
Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Thu May 22 14:02:23 2014 -0400
Subject: KEYS: special dot prefixed keyring name bug fix
I think we want to keep the restriction on type name so that userspace can't
add keys of a special internal type.
Note that removal of the test causes several of the tests in the keyutils
testsuite to fail.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/keyctl.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index e26f860e5f2e..eff88a5f5d40 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type, return ret; if (ret == 0 || ret >= len) return -EINVAL; + if (type[0] == '.') + return -EPERM; type[len - 1] = '\0'; return 0; } |