Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / e51f6d343789a4f0a2a7587ad7ec7746969d5c1c
commite51f6d343789a4f0a2a7587ad7ec7746969d5c1c[log] [tgz]
authorMichael LeMay <mdlemay@epoch.ncsc.mil>Mon Jun 26 00:24:54 2006 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>Mon Jun 26 09:58:18 2006 -0700
tree39ca4e05c0dda995f3eaaea1aaa2c8689003f1d0
parent5801649d8b83e7cb9b15839761bdee594653c294 [diff]
[PATCH] keys: allocate key serial numbers randomly

Cause key_alloc_serial() to generate key serial numbers randomly rather than
in linear sequence.

Using an linear sequence permits a covert communication channel to be
established, in which one process can communicate with another by creating or
not creating new keys within a certain timeframe.  The second process can
probe for the expected next key serial number and judge its existence by the
error returned.

This is a problem as the serial number namespace is globally shared between
all tasks, regardless of their context.

For more information on this topic, this old TCSEC guide is recommended:

	http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-030.html

Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
1 file changed
tree: 39ca4e05c0dda995f3eaaea1aaa2c8689003f1d0
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. COPYING
  20. CREDITS
  21. Kbuild
  22. MAINTAINERS
  23. Makefile
  24. README
  25. REPORTING-BUGS