integrity: prevent loading untrusted certificates on the IMA trusted keyring
authorDmitry Kasatkin <dmitry.kasatkin@gmail.com>
Thu, 10 Sep 2015 19:06:15 +0000 (22:06 +0300)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Fri, 9 Oct 2015 19:31:18 +0000 (15:31 -0400)
commit72e1eed8abb11c79749266d433c817ce36732893
tree6afb6aa08f190047c5d7d15178d3ba56780a5789
parent049e6dde7e57f0054fdc49102e7ef4830c698b46
integrity: prevent loading untrusted certificates on the IMA trusted keyring

If IMA_LOAD_X509 is enabled, either directly or indirectly via
IMA_APPRAISE_SIGNED_INIT, certificates are loaded onto the IMA
trusted keyring by the kernel via key_create_or_update(). When
the KEY_ALLOC_TRUSTED flag is provided, certificates are loaded
without first verifying the certificate is properly signed by a
trusted key on the system keyring.  This patch removes the
KEY_ALLOC_TRUSTED flag.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Cc: <stable@vger.kernel.org> # 3.19+
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/digsig.c