diff options
author | David Howells <dhowells@redhat.com> | 2014-07-22 21:55:45 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-07-22 21:55:45 +0100 |
commit | 633706a2ee81637be37b6bc02c5336950cc163b5 (patch) | |
tree | 5dad64c393d3b12276b35c5835c40c6d78f606a2 /security | |
parent | 64724cfc6eea920dbaada14f0fb978b1dd31192d (diff) | |
parent | 0d1f64f60b4c50a8c604010ad3eef5cdfe9926bc (diff) |
Merge branch 'keys-fixes' into keys-next
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/keyctl.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 8a8c2335729..e26f860e5f2 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -406,12 +406,25 @@ long keyctl_invalidate_key(key_serial_t id) key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); + + /* Root is permitted to invalidate certain special keys */ + if (capable(CAP_SYS_ADMIN)) { + key_ref = lookup_user_key(id, 0, 0); + if (IS_ERR(key_ref)) + goto error; + if (test_bit(KEY_FLAG_ROOT_CAN_INVAL, + &key_ref_to_ptr(key_ref)->flags)) + goto invalidate; + goto error_put; + } + goto error; } +invalidate: key_invalidate(key_ref_to_ptr(key_ref)); ret = 0; - +error_put: key_ref_put(key_ref); error: kleave(" = %ld", ret); |