[PATCH] Keys: Possessor permissions should be additive This patch makes the possessor permissions on a key additive with user/group/other permissions on the same key. This permits extra rights to be granted to the possessor of a key without taking away any rights conferred by them owning the key or having common group membership. Signed-Off-By: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

commit: 7ab501db8cb6659efdf04034e0de6b44c059a51b [log] [tgz]
author: David Howells <dhowells@redhat.com> Fri Oct 07 16:41:24 2005 +0100
committer: Linus Torvalds <torvalds@g5.osdl.org> Sat Oct 08 14:54:48 2005 -0700
tree: cdcf34873ab91219e17b265610a83bea213ec3c4
parent: 468ed2b0c85ec4310b429e60358213b6d077289e [diff] [blame]
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 1c36516..03db073 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c

@@ -27,12 +27,6 @@
 
 	key = key_ref_to_ptr(key_ref);
 
-	/* use the top 8-bits of permissions for keys the caller possesses */
-	if (is_key_possessed(key_ref)) {
-		kperm = key->perm >> 24;
-		goto use_these_perms;
-	}
-
 	/* use the second 8-bits of permissions for keys the caller owns */
 	if (key->uid == context->fsuid) {
 		kperm = key->perm >> 16;
@@ -61,6 +55,12 @@
 	kperm = key->perm;
 
 use_these_perms:
+	/* use the top 8-bits of permissions for keys the caller possesses
+	 * - possessor permissions are additive with other permissions
+	 */
+	if (is_key_possessed(key_ref))
+		kperm |= key->perm >> 24;
+
 	kperm = kperm & perm & KEY_ALL;
 
 	return kperm == perm;
commit	7ab501db8cb6659efdf04034e0de6b44c059a51b	[log] [tgz]
author	David Howells <dhowells@redhat.com>	Fri Oct 07 16:41:24 2005 +0100
committer	Linus Torvalds <torvalds@g5.osdl.org>	Sat Oct 08 14:54:48 2005 -0700
tree	cdcf34873ab91219e17b265610a83bea213ec3c4
parent	468ed2b0c85ec4310b429e60358213b6d077289e [diff] [blame]