Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management

On Thu, 6 Oct 2005, David Howells wrote:

> > > Should I expand the permissions mask to include a setattr?
> > 
> > Possibly for setperm and chown.
> 
> For setperm?

It changes an attribute of a key, for which you have DAC checks, therefore 
you could assume that we'd also want MAC checks.

> > > > All users of key_permission() need to propagate the error code from the 
> > > > LSM back to the user.
> > > 
> > > Really? Why?
> > 
> > Because the LSM has final say on the error code returned to the caller.  
> > If the LSM runs out of memory, for example, it's silly to return -EACCES.
> > 
> > > Note that the fact that key_permission() fails for a key is sometimes
> > > ignored, such as when I'm doing a search and one potentially matching key
> > > fails, but a subsequent matching key passes.
> > 
> > Ok, that sounds like an internal issue to be resolved, ensuring that if 
> > you are returning to the caller, the LSM's error code is returned.
> 
> But which LSM error code?
> 
> Let me explain what I mean:

[snipped]

Thanks for the detailed explanation.

Not sure yet how we'll avoid generating spurious SELinux denial messages.

> Only if all these fail does the whole thing fail with the highest priority
> error. Note that several errors may have come from LSM.
> 
> The error priority should be:
> 
> 	EKEYREVOKED > EKEYEXPIRED > ENOKEY
> 
> EACCES/EPERM should only really be returned on a direct keyring search where
> the basal keyring doesn't have Search permission.

Ok, if a failure of this nature is generated by an LSM, we need to return 
the LSM's error code (e.g. ask the LSM for search permission and it 
returns -ENOMEM).

> The fact that I couldn't find a key because I didn't have permission to find
> it probably shouldn't cause an immediate abort of the search with an error, or
> any error other than ENOKEY/EKEYREVOKED/EKEYEXPIRED, unless I'm not permitted
> to request a new key.

Ok.


- James
-- 
James Morris
<[email protected]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
    • From: James Morris <[email protected]>
  • Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
    • From: James Morris <[email protected]>
  • [PATCH] Keys: Add LSM hooks for key management
    • From: David Howells <[email protected]>
  • Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
    • From: David Howells <[email protected]>
  • Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
    • From: David Howells <[email protected]>

• Prev by Date: Re: [PATCH] Documentation: ksymoops should no longer be used to decode Oops messages
• Next by Date: Re: 2.6.14-rc3-rt9 - a few xruns misses
• Previous by thread: Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
• Next by thread: Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]