summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2009-09-02 10:13:50 +0200
committerJames Morris <jmorris@namei.org>2009-09-02 13:29:06 +0200
commit0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76 (patch)
treee718aa64ab3b5d4fd73f7a837ee9ea0debfcc773 /security
parentKEYS: Deal with dead-type keys appropriately [try #6] (diff)
downloadlinux-0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76.tar.xz
linux-0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76.zip
KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6]
Allow keyctl_revoke() to operate on keys that have SETATTR but not WRITE permission, rather than only on keys that have WRITE permission. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/keyctl.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index b85ace218395..1160b644dace 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -343,7 +343,13 @@ long keyctl_revoke_key(key_serial_t id)
key_ref = lookup_user_key(id, 0, KEY_WRITE);
if (IS_ERR(key_ref)) {
ret = PTR_ERR(key_ref);
- goto error;
+ if (ret != -EACCES)
+ goto error;
+ key_ref = lookup_user_key(id, 0, KEY_SETATTR);
+ if (IS_ERR(key_ref)) {
+ ret = PTR_ERR(key_ref);
+ goto error;
+ }
}
key_revoke(key_ref_to_ptr(key_ref));