keys: Fix request_key() lack of Link perm check on found key

The request_key() syscall allows a process to gain access to the 'possessor' permits of any key that grants it Search permission by virtue of request_key() not checking whether a key it finds grants Link permission to the caller. Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2019-06-19 16:10:15 +0100
committer: David Howells <dhowells@redhat.com> 2019-06-19 16:10:15 +0100
commit: 504b69eb3c95180bc59f1ae9096ad4b10bbbf254 (patch)
tree: f5d752709a378e608c13e3c517fa57fc49ad2fe9 /Documentation/security
parent: 45e0f30c30bb131663fbe1752974d6f2e39611e2 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index 823d29bf44f7..82dd457ff78d 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -433,6 +433,10 @@ The main syscalls are:
      /sbin/request-key will be invoked in an attempt to obtain a key. The
      callout_info string will be passed as an argument to the program.
 
+     To link a key into the destination keyring the key must grant link
+     permission on the key to the caller and the keyring must grant write
+     permission.
+
      See also Documentation/security/keys/request-key.rst.
author	David Howells <dhowells@redhat.com>	2019-06-19 16:10:15 +0100
committer	David Howells <dhowells@redhat.com>	2019-06-19 16:10:15 +0100
commit	504b69eb3c95180bc59f1ae9096ad4b10bbbf254 (patch)
tree	f5d752709a378e608c13e3c517fa57fc49ad2fe9 /Documentation/security
parent	45e0f30c30bb131663fbe1752974d6f2e39611e2 (diff)