Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
GfA
/
linux_kernel
5
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

KEYS: Make the system 'trusted' keyring viewable by userspace

Give the root user the ability to read the system keyring and put read
permission on the trusted keys added during boot.  The latter is actually more
theoretical than real for the moment as asymmetric keys do not currently
provide a read operation.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Mimi Zohar 12 жил өмнө
parent
cd0421dcd0
commit
af34cb0c3d
1 өөрчлөгдсөн 3 нэмэгдсэн , 3 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 3 3
      kernel/system_keyring.c

+ 3 - 3
kernel/system_keyring.c
Файл харах 

@@ -35,7 +35,7 @@ static __init int system_trusted_keyring_init(void)
 
 		keyring_alloc(".system_keyring",
 
 			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
 
 			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
 
-			       KEY_USR_VIEW | KEY_USR_READ),
 
+			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
 
 			      KEY_ALLOC_NOT_IN_QUOTA, NULL);
 
 	if (IS_ERR(system_trusted_keyring))
 
 		panic("Can't allocate system trusted keyring\n");
 
@@ -81,8 +81,8 @@ static __init int load_system_certificate_list(void)
 
 					   NULL,
 
 					   p,
 
 					   plen,
 
-					   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
 
-					   KEY_USR_VIEW,
 
+					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
 
+					   KEY_USR_VIEW | KEY_USR_READ),
 
 					   KEY_ALLOC_NOT_IN_QUOTA |
 
 					   KEY_ALLOC_TRUSTED);
 
 		if (IS_ERR(key)) {