summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2005-10-07 17:41:24 +0200
committerLinus Torvalds <torvalds@g5.osdl.org>2005-10-08 23:54:48 +0200
commit7ab501db8cb6659efdf04034e0de6b44c059a51b (patch)
treecdcf34873ab91219e17b265610a83bea213ec3c4 /security
parent[PATCH] Keys: Split key permissions checking into a .c file (diff)
downloadlinux-7ab501db8cb6659efdf04034e0de6b44c059a51b.tar.xz
linux-7ab501db8cb6659efdf04034e0de6b44c059a51b.zip
[PATCH] Keys: Possessor permissions should be additive
This patch makes the possessor permissions on a key additive with user/group/other permissions on the same key. This permits extra rights to be granted to the possessor of a key without taking away any rights conferred by them owning the key or having common group membership. Signed-Off-By: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/permission.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 1c3651670ce9..03db073ba45c 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -27,12 +27,6 @@ int key_task_permission(const key_ref_t key_ref,
key = key_ref_to_ptr(key_ref);
- /* use the top 8-bits of permissions for keys the caller possesses */
- if (is_key_possessed(key_ref)) {
- kperm = key->perm >> 24;
- goto use_these_perms;
- }
-
/* use the second 8-bits of permissions for keys the caller owns */
if (key->uid == context->fsuid) {
kperm = key->perm >> 16;
@@ -61,6 +55,12 @@ int key_task_permission(const key_ref_t key_ref,
kperm = key->perm;
use_these_perms:
+ /* use the top 8-bits of permissions for keys the caller possesses
+ * - possessor permissions are additive with other permissions
+ */
+ if (is_key_possessed(key_ref))
+ kperm |= key->perm >> 24;
+
kperm = kperm & perm & KEY_ALL;
return kperm == perm;