Re: [PATCH 4/4] KEYS: Add keyctl function to get a security label

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: David Howells

Subject: Re: [PATCH 4/4] KEYS: Add keyctl function to get a security label

Date: Wednesday, February 13, 2008 - 5:38 am

Andrew Morton <akpm@linux-foundation.org> wrote:

quoted text> > +	key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
> > +	if (IS_ERR(key_ref)) {
> > +		if (PTR_ERR(key_ref) != -EACCES)
> > +			return PTR_ERR(key_ref);
> > +
> > +		/* viewing a key under construction is also permitted if we
> > +		 * have the authorisation token handy */
> > +		instkey = key_get_instantiation_authkey(keyid);
> > +		if (IS_ERR(instkey))
> > +			return PTR_ERR(key_ref);
> > +		key_put(instkey);
> 
> This check looks a wee bit racy?

It's not particularly racy.  Admittedly there's a tiny window in which we can
retrieve the security label of a key for which we had an authorisation token
that got revoked just as we completed our access checks on it.  Does this
matter?

David
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 1/4] KEYS: Increase the payload size when instantia ..., David Howells, (Fri Feb 8, 9:04 am)

[PATCH 2/4] KEYS: Check starting keyring as part of search, David Howells, (Fri Feb 8, 9:04 am)

[PATCH 3/4] KEYS: Allow the callout data to be passed as a ..., David Howells, (Fri Feb 8, 9:04 am)

[PATCH 4/4] KEYS: Add keyctl function to get a security label, David Howells, (Fri Feb 8, 9:04 am)

Re: [PATCH 2/4] KEYS: Check starting keyring as part of search, Andrew Morton, (Tue Feb 12, 4:47 pm)

Re: [PATCH 4/4] KEYS: Add keyctl function to get a securit ..., Andrew Morton, (Tue Feb 12, 4:51 pm)

Re: [PATCH 2/4] KEYS: Check starting keyring as part of search, David Howells, (Wed Feb 13, 5:35 am)

Re: [PATCH 4/4] KEYS: Add keyctl function to get a securit ..., David Howells, (Wed Feb 13, 5:38 am)


linux-kernel:
Ingo Molnar	Re: [PATCH 0/3] v2 Make hierarchical RCU less IPI-happy and add more tracing
Jeremy Fitzhardinge	Re: Linux 2.6.28.10 and Linux 2.6.29.6 XEN Guest Support Broken x86_64 in BUILD
Nick Piggin	Re: [patch] CFS (Completely Fair Scheduler), v2
Gary Hade	Re: [PATCH 0/5][RFC] Physical PCI slot objects
Dave Johnson	Re: expected behavior of PF_PACKET on NETIF_F_HW_VLAN_RX device?
linux-netdev:
Arnd Bergmann	Re: 64-bit net_device_stats
Stephens, Allan	RE: [PATCH]: tipc: Fix oops on send prior to entering networked mode
frank.blaschka	[patch 3/5] [PATCH] qeth: support z/VM VSWITCH Port Isolation
Wu Fengguang	Re: [PATCH] dm9601: handle corrupt mac address
David Miller	Re: [PATCH net-2.6.24] Fix refcounting problem with netif_rx_reschedule()
git:
Junio C Hamano	Re: [PATCH] [RFC] add Message-ID field to log on git-am operation
Junio C Hamano	Re: Handling large files with GIT
Karl	Re: [ANNOUNCE] pg - A patch porcelain for GIT
Josh Triplett	Re: [RFC][PATCH 00/10] Sparse: Git's "make check" target
Pierre Habouzit	Re: [PATCH] git-daemon: more powerful base-path/user-path settings, using formats.
git-commits-head:
Linux Kernel Mailing List	MIPS: RBTX4939: Fix IOC pin-enable register updating
Linux Kernel Mailing List	regulator: update email address for Liam Girdwood
Linux Kernel Mailing List	[SCSI] ipr: add message to error table
Linux Kernel Mailing List	powerpc/32: Wire up the trampoline code for kdump
Linux Kernel Mailing List	USB: omap_udc: sync with OMAP tree
openbsd-misc:
Josh Grosse	Re: error : pkg add phpMyAdmin
Brian Candler	Re: OBSD's perspective on SELinux
Jacob Meuser	Re: /dev/audio: Device busy
David Vasek	Re: Inexpensive, low power, "wall wart" computer
William Boshuck	Re: Richard Stallman...