]> git.apps.os.sepia.ceph.com Git - fscrypt.git/commit
projects / fscrypt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3022c16) | patch
Ensure keyring privilege changes are reversible
authorJoe Richey joerichey@google.com <joerichey@google.com>
Wed, 22 Aug 2018 12:23:00 +0000 (05:23 -0700)
committerJoe Richey joerichey@google.com <joerichey@google.com>
Thu, 23 Aug 2018 18:00:34 +0000 (11:00 -0700)
commit315f9b042237200174a1fb99427f74027e191d66
tree8451aa6f72e232ce1ebdb7d79e393f4de26cc0a6tree | snapshot
parent3022c1603d968c22f147b4a2c49c4637dd1be91bcommit | diff
Ensure keyring privilege changes are reversible

This change makes sure that, when we set the ruid and euid in order to
get the user keyring linked into the current process keyring, we will
always be able to reverse these changes (using a suid of 0).

This fixes an issue where "su <user>" would result in a system error
when called by an unprivileged user. It also explains exactly how and
why we are making these privilege changes.
security/keyring.go diff | blob | history
security/privileges.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.