diff options
Diffstat (limited to 'security/keys/request_key.c')
| -rw-r--r-- | security/keys/request_key.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 000e75017520..0ae3a2202771 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -126,6 +126,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
| 126 | 126 | ||
| 127 | cred = get_current_cred(); | 127 | cred = get_current_cred(); |
| 128 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, | 128 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, |
| 129 | KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, | ||
| 129 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | 130 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
| 130 | put_cred(cred); | 131 | put_cred(cred); |
| 131 | if (IS_ERR(keyring)) { | 132 | if (IS_ERR(keyring)) { |
| @@ -150,12 +151,12 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
| 150 | cred->thread_keyring ? cred->thread_keyring->serial : 0); | 151 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
| 151 | 152 | ||
| 152 | prkey = 0; | 153 | prkey = 0; |
| 153 | if (cred->tgcred->process_keyring) | 154 | if (cred->process_keyring) |
| 154 | prkey = cred->tgcred->process_keyring->serial; | 155 | prkey = cred->process_keyring->serial; |
| 155 | sprintf(keyring_str[1], "%d", prkey); | 156 | sprintf(keyring_str[1], "%d", prkey); |
| 156 | 157 | ||
| 157 | rcu_read_lock(); | 158 | rcu_read_lock(); |
| 158 | session = rcu_dereference(cred->tgcred->session_keyring); | 159 | session = rcu_dereference(cred->session_keyring); |
| 159 | if (!session) | 160 | if (!session) |
| 160 | session = cred->user->session_keyring; | 161 | session = cred->user->session_keyring; |
| 161 | sskey = session->serial; | 162 | sskey = session->serial; |
| @@ -297,14 +298,14 @@ static void construct_get_dest_keyring(struct key **_dest_keyring) | |||
| 297 | break; | 298 | break; |
| 298 | 299 | ||
| 299 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | 300 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
| 300 | dest_keyring = key_get(cred->tgcred->process_keyring); | 301 | dest_keyring = key_get(cred->process_keyring); |
| 301 | if (dest_keyring) | 302 | if (dest_keyring) |
| 302 | break; | 303 | break; |
| 303 | 304 | ||
| 304 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | 305 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
| 305 | rcu_read_lock(); | 306 | rcu_read_lock(); |
| 306 | dest_keyring = key_get( | 307 | dest_keyring = key_get( |
| 307 | rcu_dereference(cred->tgcred->session_keyring)); | 308 | rcu_dereference(cred->session_keyring)); |
| 308 | rcu_read_unlock(); | 309 | rcu_read_unlock(); |
| 309 | 310 | ||
| 310 | if (dest_keyring) | 311 | if (dest_keyring) |
| @@ -347,6 +348,7 @@ static int construct_alloc_key(struct key_type *type, | |||
| 347 | const struct cred *cred = current_cred(); | 348 | const struct cred *cred = current_cred(); |
| 348 | unsigned long prealloc; | 349 | unsigned long prealloc; |
| 349 | struct key *key; | 350 | struct key *key; |
| 351 | key_perm_t perm; | ||
| 350 | key_ref_t key_ref; | 352 | key_ref_t key_ref; |
| 351 | int ret; | 353 | int ret; |
| 352 | 354 | ||
| @@ -355,8 +357,15 @@ static int construct_alloc_key(struct key_type *type, | |||
| 355 | *_key = NULL; | 357 | *_key = NULL; |
| 356 | mutex_lock(&user->cons_lock); | 358 | mutex_lock(&user->cons_lock); |
| 357 | 359 | ||
| 360 | perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; | ||
| 361 | perm |= KEY_USR_VIEW; | ||
| 362 | if (type->read) | ||
| 363 | perm |= KEY_POS_READ; | ||
| 364 | if (type == &key_type_keyring || type->update) | ||
| 365 | perm |= KEY_POS_WRITE; | ||
| 366 | |||
| 358 | key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, | 367 | key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, |
| 359 | KEY_POS_ALL, flags); | 368 | perm, flags); |
| 360 | if (IS_ERR(key)) | 369 | if (IS_ERR(key)) |
| 361 | goto alloc_failed; | 370 | goto alloc_failed; |
| 362 | 371 | ||