diff options
author | David Howells <dhowells@redhat.com> | 2008-04-29 04:01:31 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 11:06:17 -0400 |
commit | 69664cf16af4f31cd54d77948a4baf9c7e0ca7b9 (patch) | |
tree | 3ff4ecae21c140a2beed25cfa9e55b788f9814ac /kernel | |
parent | 6b79ccb5144f9ffb4d4596c23e7570238dd12abc (diff) |
keys: don't generate user and user session keyrings unless they're accessed
Don't generate the per-UID user and user session keyrings unless they're
explicitly accessed. This solves a problem during a login process whereby
set*uid() is called before the SELinux PAM module, resulting in the per-UID
keyrings having the wrong security labels.
This also cures the problem of multiple per-UID keyrings sometimes appearing
due to PAM modules (including pam_keyinit) setuiding and causing user_structs
to come into and go out of existence whilst the session keyring pins the user
keyring. This is achieved by first searching for extant per-UID keyrings
before inventing new ones.
The serial bound argument is also dropped from find_keyring_by_name() as it's
not currently made use of (setting it to 0 disables the feature).
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: <kwc@citi.umich.edu>
Cc: <arunsr@cse.iitk.ac.in>
Cc: <dwalsh@redhat.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/user.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/kernel/user.c b/kernel/user.c index debce602bfdd..aefbbfa3159f 100644 --- a/kernel/user.c +++ b/kernel/user.c | |||
@@ -53,10 +53,6 @@ struct user_struct root_user = { | |||
53 | .files = ATOMIC_INIT(0), | 53 | .files = ATOMIC_INIT(0), |
54 | .sigpending = ATOMIC_INIT(0), | 54 | .sigpending = ATOMIC_INIT(0), |
55 | .locked_shm = 0, | 55 | .locked_shm = 0, |
56 | #ifdef CONFIG_KEYS | ||
57 | .uid_keyring = &root_user_keyring, | ||
58 | .session_keyring = &root_session_keyring, | ||
59 | #endif | ||
60 | #ifdef CONFIG_USER_SCHED | 56 | #ifdef CONFIG_USER_SCHED |
61 | .tg = &init_task_group, | 57 | .tg = &init_task_group, |
62 | #endif | 58 | #endif |
@@ -420,12 +416,12 @@ struct user_struct * alloc_uid(struct user_namespace *ns, uid_t uid) | |||
420 | new->mq_bytes = 0; | 416 | new->mq_bytes = 0; |
421 | #endif | 417 | #endif |
422 | new->locked_shm = 0; | 418 | new->locked_shm = 0; |
423 | 419 | #ifdef CONFIG_KEYS | |
424 | if (alloc_uid_keyring(new, current) < 0) | 420 | new->uid_keyring = new->session_keyring = NULL; |
425 | goto out_free_user; | 421 | #endif |
426 | 422 | ||
427 | if (sched_create_user(new) < 0) | 423 | if (sched_create_user(new) < 0) |
428 | goto out_put_keys; | 424 | goto out_free_user; |
429 | 425 | ||
430 | if (uids_user_create(new)) | 426 | if (uids_user_create(new)) |
431 | goto out_destoy_sched; | 427 | goto out_destoy_sched; |
@@ -459,9 +455,6 @@ struct user_struct * alloc_uid(struct user_namespace *ns, uid_t uid) | |||
459 | 455 | ||
460 | out_destoy_sched: | 456 | out_destoy_sched: |
461 | sched_destroy_user(new); | 457 | sched_destroy_user(new); |
462 | out_put_keys: | ||
463 | key_put(new->uid_keyring); | ||
464 | key_put(new->session_keyring); | ||
465 | out_free_user: | 458 | out_free_user: |
466 | kmem_cache_free(uid_cachep, new); | 459 | kmem_cache_free(uid_cachep, new); |
467 | out_unlock: | 460 | out_unlock: |