[PATCH keys-next] keys: Fix permissions assigned to anonymous session keyrings
Eric Biggers
ebiggers at kernel.org
Tue Aug 27 19:18:24 UTC 2019
From: Eric Biggers <ebiggers at google.com>
JOIN permission was incorrectly removed from anonymous session keyrings
when the old-style key permissions were translated to an ACL, thus
breaking 'keyctl new_session'.
Fixes: f802f2b3a991 ("keys: Replace uid/gid/perm permissions checking with an ACL")
Signed-off-by: Eric Biggers <ebiggers at google.com>
---
security/keys/process_keys.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index aa3bfcadbc6600..519c94f1cc3c2c 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -58,7 +58,7 @@ static struct key_acl session_keyring_acl = {
.possessor_viewable = true,
.nr_ace = 2,
.aces = {
- KEY_POSSESSOR_ACE(KEY_ACE__PERMS & ~KEY_ACE_JOIN),
+ KEY_POSSESSOR_ACE(KEY_ACE__PERMS),
KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
}
};
--
2.23.0.187.g17f5b7556c-goog
More information about the Linux-security-module-archive
mailing list