diff options
Diffstat (limited to 'Documentation/security')
-rw-r--r-- | Documentation/security/credentials.rst | 10 | ||||
-rw-r--r-- | Documentation/security/keys/core.rst | 2 | ||||
-rw-r--r-- | Documentation/security/keys/trusted-encrypted.rst | 2 |
3 files changed, 9 insertions, 5 deletions
diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst index 282e79feee6a..d9387209d143 100644 --- a/Documentation/security/credentials.rst +++ b/Documentation/security/credentials.rst @@ -453,9 +453,9 @@ still at this point. When replacing the group list, the new list must be sorted before it is added to the credential, as a binary search is used to test for -membership. In practice, this means :c:func:`groups_sort` should be -called before :c:func:`set_groups` or :c:func:`set_current_groups`. -:c:func:`groups_sort)` must not be called on a ``struct group_list`` which +membership. In practice, this means groups_sort() should be +called before set_groups() or set_current_groups(). +groups_sort() must not be called on a ``struct group_list`` which is shared as it may permute elements as part of the sorting process even if the array is already sorted. @@ -548,6 +548,10 @@ pointer will not change over the lifetime of the file struct, and nor will the contents of the cred struct pointed to, barring the exceptions listed above (see the Task Credentials section). +To avoid "confused deputy" privilege escalation attacks, access control checks +during subsequent operations on an opened file should use these credentials +instead of "current"'s credentials, as the file may have been passed to a more +privileged process. Overriding the VFS's Use of Credentials ======================================= diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index cdc42ccc12e4..aa0081685ee1 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst @@ -912,7 +912,7 @@ The keyctl syscall functions are: One application of restricted keyrings is to verify X.509 certificate chains or individual certificate signatures using the asymmetric key type. - See Documentation/crypto/asymmetric-keys.txt for specific restrictions + See Documentation/crypto/asymmetric-keys.rst for specific restrictions applicable to the asymmetric key type. diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst index 50ac8bcd6970..9483a7425ad5 100644 --- a/Documentation/security/keys/trusted-encrypted.rst +++ b/Documentation/security/keys/trusted-encrypted.rst @@ -200,7 +200,7 @@ Load an encrypted key "evm" from saved blob:: 24717c64 5972dcb82ab2dde83376d82b2e3c09ffc Other uses for trusted and encrypted keys, such as for disk and file encryption -are anticipated. In particular the new format 'ecryptfs' has been defined in +are anticipated. In particular the new format 'ecryptfs' has been defined in order to use encrypted keys to mount an eCryptfs filesystem. More details about the usage can be found in the file ``Documentation/security/keys/ecryptfs.rst``. |