Skip to content

Commit

Permalink
[PATCH] Keys: Possessor permissions should be additive
Browse files Browse the repository at this point in the history
This patch makes the possessor permissions on a key additive with
user/group/other permissions on the same key.

This permits extra rights to be granted to the possessor of a key without
taking away any rights conferred by them owning the key or having common group
membership.

Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
  • Loading branch information
David Howells authored and Linus Torvalds committed Oct 8, 2005
1 parent 468ed2b commit 7ab501d
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions security/keys/permission.c
Original file line number Diff line number Diff line change
Expand Up @@ -27,12 +27,6 @@ int key_task_permission(const key_ref_t key_ref,

key = key_ref_to_ptr(key_ref);

/* use the top 8-bits of permissions for keys the caller possesses */
if (is_key_possessed(key_ref)) {
kperm = key->perm >> 24;
goto use_these_perms;
}

/* use the second 8-bits of permissions for keys the caller owns */
if (key->uid == context->fsuid) {
kperm = key->perm >> 16;
Expand Down Expand Up @@ -61,6 +55,12 @@ int key_task_permission(const key_ref_t key_ref,
kperm = key->perm;

use_these_perms:
/* use the top 8-bits of permissions for keys the caller possesses
* - possessor permissions are additive with other permissions
*/
if (is_key_possessed(key_ref))
kperm |= key->perm >> 24;

kperm = kperm & perm & KEY_ALL;

return kperm == perm;
Expand Down

0 comments on commit 7ab501d

Please sign in to comment.