Bug 173493 - Permit key management to request already running process to instantiate a key
Permit key management to request already running process to instantiate a key
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Howells
Brian Brock
: FutureFeature
Depends On:
Blocks: 168429 174410
  Show dependency treegraph
Reported: 2005-11-17 11:16 EST by David Howells
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2006-0132
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-07 15:49:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to permit keys to be instantiated by an already running process (31.57 KB, patch)
2005-11-17 11:25 EST, David Howells
no flags Details | Diff

  None (edit)
Description David Howells 2005-11-17 11:16:58 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)

Description of problem:
The attached patch permits keys of certain types to be instantiated by an  
already running process. This facility has been requested for NFSv4 so that it  
can contact gssapid or similar. 
The patch makes the following changes: 
 (1) A new, optional key type method has been added. This permits a key type 
     to intercept requests at the point /sbin/request-key is about to be 
     spawned and do something else with them - passing them over the 
     rpc_pipefs files or netlink sockets for instance. 
     The uninstantiated key, the authorisation key and the intended operation 
     name are passed to the method. 
 (2) The callout_info is no longer passed as an argument to /sbin/request-key 
     to prevent unauthorised viewing of this data using ps or by looking in 
     This means that the old /sbin/request-key program will not work with the 
     patched kernel as it will expect to see an extra argument that is no 
     longer there. 
     A revised keyutils package will be made available tomorrow. 
 (3) The callout_info is now attached to the authorisation key. Reading this 
     key will retrieve the information. 
 (4) A new field has been added to the task_struct. This holds the 
     authorisation key currently active for a thread. Searches now look here 
     for the caller's set of keys rather than looking for an auth key in the 
     lowest level of the session keyring. 
     This permits a thread to be servicing multiple requests at once and to 
     switch between them. Note that this is per-thread, not per-process, and 
     so is usable in multithreaded programs. 
     The setting of this field is inherited across fork and exec. 
 (5) A new keyctl function (KEYCTL_ASSUME_AUTHORITY) has been added that 
     permits a thread to assume the authority to deal with an uninstantiated 
     key. Assumption is only permitted if the authorisation key associated 
     with the uninstantiated key is somewhere in the thread's keyrings. 
     This function can also clear the assumption. 
 (6) A new magic key specifier has been added to refer to the currently 
     assumed authorisation key (KEY_SPEC_REQKEY_AUTH_KEY). 
 (7) Instantiation will only proceed if the appropriate authorisation key is 
     assumed first. The assumed authorisation key is discarded if 
     instantiation is successful. 
 (8) key_validate() is moved from the file of request_key functions to the 
     file of permissions functions. 
 (9) The documentation is updated. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Install a key type (such as an NFSv4 key when available) that supports key 
instantiation in a running process and then issue a keyctl request2 for a key 
of that key type or, if it's NFSv4, open a file on that filesystem. 

Additional info:

This patch is upstream in Andrew Morton's kernel.  
The keyutils and glibc-kernheaders will need updating for the facility 
provided by this patch to become available. 
Note that applying this patch will break /sbin/request-key as the invoker can 
no longer pass callout_info on the command line, but will instead store it in 
the authorisation key.
Comment 1 David Howells 2005-11-17 11:25:02 EST
Created attachment 121196 [details]
Patch to permit keys to be instantiated by an already running process
Comment 6 Red Hat Bugzilla 2006-03-07 15:49:58 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.