Jan Lübbe <jlu@xxxxxxxxxxxxxx> wrote: > > > ... But at this point, you can still do 'keyctl read' on that key, exposing > > > the key material to user space. > > > > I wonder if it would help to provide a keyctl function to mark a key as being > > permanently unreadable - so that it overrides the READ permission bit. > > > > Alternatively, you can disable READ and SETATTR permission - but that then > > prevents you from removing other perms if you want to :-/ > > That would mean using user type keys, right? Then we'd still have the core > problem how a master key can be protected against simply reading it from > flash/disk, as it would be unencrypted in this scenario. It would apply to any type of key or keyring on which it was set. It would cause keyctl_read() on a flagged key to return EPERM. David
