Red Hat Bugzilla – Bug 174417
Don't pass security data on the command line
Last modified: 2007-11-30 17:07:21 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)
Description of problem:
When the kernel invokes /sbin/request-key it passes the callout information on
the command line.
When keyctl is invoked to add, update or instantiate a key, the payload data
for the key is passed on the command line.
This means the data can be read with ps or by looking in /proc.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Any one of:
keyctl request2 user debug:uuuu xxxxxx @s
keyctl add user a data @s
keyctl update <key> data
keyctl instantiate <key> data @t
The kernel patch attached to bug 173493 and the keyutils change for bug 174410
permits the /sbin/request-key problem to be avoided as the callout info is
passed in the authorisation key rather than on the command line.
I have implementations of alternate keyctl commands for the other three cases
that involve passing the data over stdin instead of by command line:
echo -n data | keyctl padd user a @s
echo -n data | keyctl pupdate <key>
echo -n data | keyctl pinstantiate <key> @t
I also have a change by which /sbin/request-key can run a program at the end
of pipes, passing the callout info to it over its stdin and retrieving the
payload with which the key is to be instantiated from its stdout.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.