Re: [Keyrings] Re: [PATCH] Keys: Add possessor permissions to keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sep 21, 2005, at 14:29:54, David Howells wrote:
(3) Key handles (which I've been asked for before).

This involves detaching the permissions and suchlike from the key into a "handle" which can then be cloned. A temporary handle could then be used to hold the possession attribute and the other permissions at the time of the access.

The downside of this is that it's quite a big change. It also makes joining session keyrings way more "interesting". It does have some nice features though.

Are there any plans to implement this functionality in the near future? It would complement the existing security model nicely by allowing a process to clone its key handle either explicitly (with a keyctl call) or implicitly (by passing it over a file handle to another process), and then later revoke the cloned handle and all handles cloned from it with a single call, much as one can SIGKILL an entire process group with a single kill(). It seems that a key handle would be little more than a special sort of file handle attached to a key. I'm curious what issues you've found with joining session keyrings. I haven't thought about that part specifically, but it seems that perhaps there should be a set of "default" permissions and attributes that are associated with a new lookup-by- key-id handle.


Cheers,
Kyle Moffett

--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.
  -- C.A.R. Hoare


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux