kernel_optimize_test/security
David Howells d7b0efadc3 certs: Fix blacklist flag type confusion
[ Upstream commit 4993e1f9479a4161fd7d93e2b8b30b438f00cb0f ]

KEY_FLAG_KEEP is not meant to be passed to keyring_alloc() or key_alloc(),
as these only take KEY_ALLOC_* flags.  KEY_FLAG_KEEP has the same value as
KEY_ALLOC_BYPASS_RESTRICTION, but fortunately only key_create_or_update()
uses it.  LSMs using the key_alloc hook don't check that flag.

KEY_FLAG_KEEP is then ignored but fortunately (again) the root user cannot
write to the blacklist keyring, so it is not possible to remove a key/hash
from it.

Fix this by adding a KEY_ALLOC_SET_KEEP flag that tells key_alloc() to set
KEY_FLAG_KEEP on the new key.  blacklist_init() can then, correctly, pass
this to keyring_alloc().

We can also use this in ima_mok_init() rather than setting the flag
manually.

Note that this doesn't fix an observable bug with the current
implementation but it is required to allow addition of new hashes to the
blacklist in the future without making it possible for them to be removed.

Fixes: 734114f878 ("KEYS: Add a system blacklist keyring")
Reported-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Mickaël Salaün <mic@linux.microsoft.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-03-04 11:37:59 +01:00
..
apparmor treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
bpf bpf: Implement bpf_local_storage for inodes 2020-08-25 15:00:04 -07:00
integrity certs: Fix blacklist flag type confusion 2021-03-04 11:37:59 +01:00
keys certs: Fix blacklist flag type confusion 2021-03-04 11:37:59 +01:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown
safesetid LSM: SafeSetID: Fix warnings reported by test bot 2020-10-13 09:17:36 -07:00
selinux selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling 2020-12-30 11:53:03 +01:00
smack Smack: Handle io_uring kernel thread privileges 2020-12-30 11:54:02 +01:00
tomoyo tomoyo: Loosen pathname/domainname validation. 2020-10-12 19:53:34 +09:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c capabilities: Don't allow writing ambiguous v3 file capabilities 2021-03-04 11:37:52 +01:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-08-20 11:25:03 -07:00
inode.c
Kconfig Replace HTTP links with HTTPS ones: security 2020-08-06 12:00:05 -07:00
Kconfig.hardening
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:27:29 +01:00
Makefile
min_addr.c
security.c LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00