mirror of https://github.com/mkerrisk/man-pages
2bcf858070
Notes from Eugene:

Based on linux v4.9-rc6 (9c763584):

* security/keys/keyctl.c, SYSCALL_DEFINE4(request_key, ...), line 158:
  * Assume that call is performed with destringid == 0:
    * We skip check on line 196, so dest_ref remains NULL
    * On line 213, request_key_and_link is called with key_ref_to_ptr(dest_ref)
    * key_ref_to_ptr() itself just zeroes lower bit which is used for indication that key reference in the possession of the current context.
* security/keys/request_key.c, request_key_and_link, line 508:
  * On line 543, we try to search process keyrings for the key (we fill ctx at the beginning of the function and then pass it to search_process_keyrings)
  * If key is found (key_ref is not erroneous), we convert key_ref to ptr on line 546 and skip the following block on line 547 since dest_keyring is 0.
  * If key is not found and error is not EAGAIN, then construct_key_and_link is called on line 566 with dest_keyring == NULL.
* security/keys/request_key.c, construct_key_and_link, line 430:
  * On line 450, construct_get_dest_keyring is called with dest_keyring == NULL.
* security/keys/request_key.c, construct_get_dest_keyring, line 253:
  * The argument here (which is pointer to pointer to struct key) is named _dest_keyring, but on line 257 it is dereferenced to local variable dest_keyring (so it stores NULL now).
  * We're going to the "else" branch (starting from line 266) of check on line 262
  * Now we are switching against cred->jit_keyring with the behaviour described in the patch.
    * git grep jit_keyring security/keys reveals that it is assigned inside keyctl_set_reqkey_keyring, security/keys/keyctl.c, line 1257.
    * keyctl_set_reqkey_keyring is called from SYSCALL_DEFINE5(keyctl, ...), when option passed to keyctl is KEYCTL_SET_REQKEY_KEYRING (line 1652).
    * Default value for jit_keyring is sort of difficult to find out, since it is inherited, but overall it is explicitly set to KEY_REQKEY_DEFL_THREAD_KEYRING or copied from zeroed-out structures (so it is equal to KEY_REQKEY_DEFL_DEFAULT) which leads to the same behaviour in case the process has not been upcalled by request_key construction.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

* man1
* man2
* man3
* man4
* man5
* man6
* man7
* man8
* scripts
* Changes
* Changes.old
* Makefile
* README
* man-pages-4.10.Announce
* man-pages-4.10.lsm

README
This package contains Linux man pages for sections 2, 3, 4, 5, and 7. Some more information is given in the `Announce' file.

Install by copying to your favourite location. "make install" will just copy them to /usr/share/man/man[1-8]. To install to a path different from /usr use "make install prefix=/install/path".

"make" will move the pages from this package that are older than the already installed ones to a subdirectory `not_installed', then remove old versions (compressed or not), compress the pages, and copy them to /usr/share/man/man[1-8]. Note that you may have to remove preformatted pages.

Note that sometimes these pages are duplicates of pages also distributed in other packages. This has been reported about dlclose.3, dlerror.3, dlopen.3, dlsym.3 (found in ld.so), about resolver.3, resolv.conf.5 (found in bind-utils), and about passwd.5, and mailaddr.7. Be careful not to overwrite more up-to-date versions. Reports on further duplicates are welcome.

Formerly present and now removed duplicates: exports.5 (found in nfs-server-2.2*), fstab.5, nfs.5 (found in util-linux-2.12*), lilo.8, lilo.conf.5 (found in lilo-21.6*).

Copyrights: These man pages come under various copyrights. All pages are freely distributable when the nroff source is included.

If you have corrections and additions to suggest, see http://www.kernel.org/doc/man-pages/contributing.html