Drop setting kernel key permissions.

Libcryptsetup should not set such permissions. All
the issues it aims to solve can be worked around by
the caller linking the key into an appropriate keyring
first and moving it to its final destination later.
Ondrej Kozina
2023-09-19 15:18:10 +02:00
committed by Milan Broz
parent 51a1e218cf
commit 05634f272c


@@ -80,16 +80,6 @@ static long keyctl_read(key_serial_t key, char *buffer, size_t buflen)
return syscall(__NR_keyctl, KEYCTL_READ, key, buffer, buflen);
}
/* key handle permissions mask */
typedef uint32_t key_perm_t;
#define KEY_POS_ALL 0x3f000000
#define KEY_USR_ALL 0x003f0000
static long keyctl_setperm(key_serial_t id, key_perm_t perm)
{
return syscall(__NR_keyctl, KEYCTL_SETPERM, id, perm);
}
/* keyctl_link */
static long keyctl_link(key_serial_t key, key_serial_t keyring)
{
@@ -466,11 +456,6 @@ int keyring_add_key_to_custom_keyring(key_type_t ktype,
if (kid < 0)
return -errno;
/* FIXME: could we delegate it to the caller? */
// see https://mjg59.dreamwidth.org/37333.html
if (keyring_to_link == KEY_SPEC_USER_KEYRING || keyring_to_link == KEY_SPEC_USER_SESSION_KEYRING)
keyctl_setperm(kid, KEY_POS_ALL | KEY_USR_ALL);
return 0;
}