On Mon, Mar 22, 2021 at 12:57:26PM +0300, Andrey Ryabinin wrote: > keyctl_read_key() has a strange code which allows possessor to read > key's payload regardless of READ permission status: > > $ keyctl add user test test @u > 196773443 > $ keyctl print 196773443 > test > $ keyctl describe 196773443 > 196773443: alswrv-----v------------ 1000 1000 user: test > $ keyctl rdescribe 196773443 > user;1000;1000;3f010000;test > $ keyctl setperm 196773443 0x3d010000 > $ keyctl describe 196773443 > 196773443: alsw-v-----v------------ 1000 1000 user: test > $ keyctl print 196773443 > test > > The last keyctl print should fail with -EACCESS instead of success. > Fix this by removing weird possessor checks. > > Signed-off-by: Andrey Ryabinin <[email protected]>
I wrote a new test. If you include a test into a commit please describe it so that it can be easily executed. Otherwise, it is somewhat useless. Anyway, https://gist.github.com/jarkk0sakkinen/7b417be20cb52ed971a90561192f0883 David, why all of these end up allowing to still print the payload? /Jarkko
