From: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>

KEY_FLAG_KEEP is not meant to be passed to keyring_alloc() nor key_alloc(), which only take KEY_ALLOC_* flags. KEY_FLAG_KEEP has the same value as KEY_ALLOC_BYPASS_RESTRICTION, but fortunately only key_create_or_update() uses it. LSMs using the key_alloc hook don't check such a flag. KEY_FLAG_KEEP is then ignored, but fortunately (again) the root user cannot write to the blacklist keyring, so it is not possible to remove a key/hash from it.

Remove KEY_FLAG_KEEP from the call to keyring_alloc() and set the keyring flags with it. This should not fix a bug with the current implementation, but it is required for the next commit to allow adding new hashes to the blacklist without the possibility of removing them.

Cc: David Howells <dhowells@xxxxxxxxxx>
Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>
---
 certs/blacklist.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/certs/blacklist.c b/certs/blacklist.c
index 0d2c959e9422..d1e2f69d91c2 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -224,11 +224,11 @@ static int __init blacklist_init(void)
 			      (KEY_POS_ALL & ~KEY_POS_SETATTR) |
 			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH,
-			      KEY_ALLOC_NOT_IN_QUOTA |
-			      KEY_FLAG_KEEP,
+			      KEY_ALLOC_NOT_IN_QUOTA,
 			      NULL, NULL);
 	if (IS_ERR(blacklist_keyring))
 		panic("Can't allocate system blacklist keyring\n");
+	set_bit(KEY_FLAG_KEEP, &blacklist_keyring->flags);
 
 	for (bl = blacklist_hashes; *bl; bl++)
 		if (mark_raw_hash_blacklisted(*bl) < 0)
-- 
2.29.2
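Review bot: the set_bit(KEY_FLAG_KEEP, &blacklist_keyring->flags) added after the IS_ERR() check sets the bit directly on key->flags rather than through the allocator, so there is a short window in blacklist_init() where the keyring exists without KEEP; that is harmless in __init with no other reference to the keyring yet, but a one-line comment at the set_bit() call explaining why the flag cannot go into the keyring_alloc() flags argument (KEY_FLAG_KEEP is a key->flags bit number whose value collides with KEY_ALLOC_BYPASS_RESTRICTION, as the commit message says) would stop a later reader from "simplifying" it back into the removed `KEY_ALLOC_NOT_IN_QUOTA | KEY_FLAG_KEEP` form. If further callers need the same thing, a dedicated KEY_ALLOC_* flag that key_alloc() translates into set_bit(KEY_FLAG_KEEP) would be cleaner than open-coding the bit set at each call site.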
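The commit message turns on the distinction between KEY_FLAG_* (bit numbers into key->flags, used with set_bit()/test_bit()) and KEY_ALLOC_* (a bitmask passed to key_alloc()/keyring_alloc()). The following userspace C program is an added example, not kernel code and not part of the patch: it models both namespaces with a mock allocator and a mock unlink check and runs the "before" and "after" forms of the blacklist keyring call side by side. The numeric values of the macros, the mock functions and struct fields are assumptions of this example (the page only states that KEY_FLAG_KEEP and KEY_ALLOC_BYPASS_RESTRICTION share a value).

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Bit numbers into key->flags, used with set_bit()/test_bit().
 * Value assumed for this example (not taken from the page). */
#define KEY_FLAG_KEEP                 8

/* Bitmask flags understood by key_alloc()/keyring_alloc().
 * Only the collision KEY_FLAG_KEEP == KEY_ALLOC_BYPASS_RESTRICTION is stated
 * in the commit message; the concrete values are assumed here. */
#define KEY_ALLOC_NOT_IN_QUOTA        0x0002
#define KEY_ALLOC_BYPASS_RESTRICTION  0x0008

/* Minimal stand-in for struct key: only what the example needs. */
struct key {
	unsigned long flags;      /* KEY_FLAG_* bit numbers live here */
	bool in_quota;            /* effect of (not) passing KEY_ALLOC_NOT_IN_QUOTA */
	bool bypass_restriction;  /* effect of KEY_ALLOC_BYPASS_RESTRICTION */
};

/* Userspace stand-ins for the kernel's set_bit()/test_bit(). */
static void key_set_bit(int nr, unsigned long *addr)
{
	*addr |= 1UL << nr;
}

static bool key_test_bit(int nr, const unsigned long *addr)
{
	return (*addr >> nr) & 1UL;
}

/* Mock of keyring_alloc(): like the real allocator it only interprets
 * KEY_ALLOC_* masks, so a KEY_FLAG_* bit number OR-ed into alloc_flags is
 * read as whichever KEY_ALLOC_* mask happens to share its value. */
static void mock_keyring_alloc(struct key *k, unsigned int alloc_flags)
{
	k->flags = 0;
	k->in_quota = !(alloc_flags & KEY_ALLOC_NOT_IN_QUOTA);
	k->bypass_restriction = (alloc_flags & KEY_ALLOC_BYPASS_RESTRICTION) != 0;
	/* Nothing here maps an allocation flag onto KEY_FLAG_KEEP. */
}

/* Mock of the unlink path's KEEP check: a key with KEY_FLAG_KEEP set in
 * key->flags cannot be removed from its keyring. */
static int mock_key_unlink(const struct key *k)
{
	return key_test_bit(KEY_FLAG_KEEP, &k->flags) ? -EPERM : 0;
}

/* patched == false: the call as it was (KEY_FLAG_KEEP in the alloc flags).
 * patched == true:  the call as the patch leaves it (set_bit after alloc). */
static struct key build_blacklist_keyring(bool patched)
{
	struct key k;

	if (patched) {
		mock_keyring_alloc(&k, KEY_ALLOC_NOT_IN_QUOTA);
		key_set_bit(KEY_FLAG_KEEP, &k.flags);
	} else {
		mock_keyring_alloc(&k, KEY_ALLOC_NOT_IN_QUOTA | KEY_FLAG_KEEP);
	}
	return k;
}

/* Single-value views of the outcome, for reading and for assertions. */
static bool keep_is_set(bool patched)
{
	struct key k = build_blacklist_keyring(patched);
	return key_test_bit(KEY_FLAG_KEEP, &k.flags);
}

static bool restriction_bypassed(bool patched)
{
	struct key k = build_blacklist_keyring(patched);
	return k.bypass_restriction;
}

static int unlink_rc(bool patched)
{
	struct key k = build_blacklist_keyring(patched);
	return mock_key_unlink(&k);
}

int main(void)
{
	printf("before: KEEP=%d bypass_restriction=%d unlink=%d\n",
	       keep_is_set(false), restriction_bypassed(false), unlink_rc(false));
	printf("after:  KEEP=%d bypass_restriction=%d unlink=%d\n",
	       keep_is_set(true), restriction_bypassed(true), unlink_rc(true));
	return 0;
}
```

The "before" form shows the two effects the commit message describes: KEEP never lands in key->flags (so the mock unlink succeeds) and the value is instead seen as KEY_ALLOC_BYPASS_RESTRICTION. The "after" form leaves the allocation flags clean and sets the bit where test_bit() will look for it.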