Bug 174417 - Don't pass security data on the command line
Don't pass security data on the command line
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: keyutils (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Howells
Depends On:
Blocks: 168429
  Show dependency treegraph
Reported: 2005-11-28 15:33 EST by David Howells
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHEA-2006-0090
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-07 13:53:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2006:0090 qe-ready SHIPPED_LIVE keyutils enhancement update 2006-03-06 00:00:00 EST

  None (edit)
Description David Howells 2005-11-28 15:33:24 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)

Description of problem:
When the kernel invokes /sbin/request-key it passes the callout information on   
the command line.  
When keyctl is invoked to add, update or instantiate a key, the payload data   
for the key is passed on the command line.  
This means the data can be read with ps or by looking in /proc. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Any one of: 
keyctl request2 user debug:uuuu xxxxxx @s   
keyctl add user a data @s   
keyctl update <key> data   
keyctl instantiate <key> data @t  

Additional info:

The kernel patch attached to bug 173493 and the keyutils change for bug 174410  
permits the /sbin/request-key problem to be avoided as the callout info is  
passed in the authorisation key rather than on the command line.  
I have implementations of alternate keyctl commands for the other three cases  
that involve passing the data over stdin instead of by command line:  
    echo -n data | keyctl padd user a @s 
    echo -n data | keyctl pupdate <key>    
    echo -n data | keyctl pinstantiate <key> @t 
I also have a change by which /sbin/request-key can run a program at the end 
of pipes, passing the callout info to it over its stdin and retrieving the 
payload with which the key is to be instantiated from its stdout.
Comment 5 Red Hat Bugzilla 2006-03-07 13:53:11 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.