fscrypt.git/security/keyring.go, branch chr-fork-doc-02 Go tool for managing Linux filesystem encryption Add keyring package 2020-01-05T18:02:13+00:00 Eric Biggers ebiggers@google.com 2019-12-16T03:31:39+00:00 462d166d5355d33a05271d24de4d52f30dd62f67 In preparation for introducing support for the new filesystem-level keyrings, move the existing user keyring management code from security/keyring.go and crypto/crypto.go into a new package, 'keyring'. This package provides functions AddEncryptionKey, RemoveEncryptionKey, and GetEncryptionKeyStatus which delegate to either the filesystem keyring (added by a later patch) or to the user keyring. This provides a common interface to both types of keyrings, to the extent possible. 
In preparation for introducing support for the new filesystem-level
keyrings, move the existing user keyring management code from
security/keyring.go and crypto/crypto.go into a new package, 'keyring'.

This package provides functions AddEncryptionKey, RemoveEncryptionKey,
and GetEncryptionKeyStatus which delegate to either the filesystem
keyring (added by a later patch) or to the user keyring.  This provides
a common interface to both types of keyrings, to the extent possible.
keyring: fix permission denied accessing user keyring (#177) 2019-12-16T03:10:41+00:00 ebiggers ebiggers@google.com 2019-12-16T03:10:41+00:00 55f71606b71f43bd64b7b4394a631f1e05e36f79 When userKeyringIDLookup() looks up a user keyring, it links it into the process keyring to ensure that the process retains the "possessor privileges" over the user keyring, then caches the user keyring's ID. Unfortunately, this use of the process keyring randomly fails because Go creates threads before even init() and main() are run, and then can run code on them later. Since the kernel doesn't create the process keyring until userspace requests it and the process keyring is actually a per-thread property that's only inherited by new threads, different threads in a Go process may see different process keyrings. Fix this by removing the user keyring cache, switching from the process keyring to the thread keyring, and using LockOSThread() to pin the goroutine to an OS thread while needed to perform a keyring operation. Resolves https://github.com/google/fscrypt/issues/176 
When userKeyringIDLookup() looks up a user keyring, it links it into the
process keyring to ensure that the process retains the "possessor
privileges" over the user keyring, then caches the user keyring's ID.

Unfortunately, this use of the process keyring randomly fails because Go
creates threads before even init() and main() are run, and then can run
code on them later.  Since the kernel doesn't create the process keyring
until userspace requests it and the process keyring is actually a
per-thread property that's only inherited by new threads, different
threads in a Go process may see different process keyrings.

Fix this by removing the user keyring cache, switching from the process
keyring to the thread keyring, and using LockOSThread() to pin the
goroutine to an OS thread while needed to perform a keyring operation.

Resolves https://github.com/google/fscrypt/issues/176
 Rename some variables from 'target' to 'targetUser' 2019-11-27T19:40:47+00:00 Eric Biggers ebiggers@google.com 2019-11-27T19:40:47+00:00 03d3a29b70c85f083adf3c12cba60c0374f06d3e Refer to the target User as 'targetUser' rather than simply 'target'. This will help avoid confusion when we add support for the filesystem keyring, since then the Mount will also be a "target". 
Refer to the target User as 'targetUser' rather than simply 'target'.
This will help avoid confusion when we add support for the filesystem
keyring, since then the Mount will also be a "target".
Fix various typos and grammatical errors (#141) 2019-09-09T02:46:59+00:00 ebiggers ebiggers@google.com 2019-09-09T02:46:59+00:00 6445dad7d66fa6a1867090fcd9602c98863649f6 These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore(). 
These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().
 feat(spell-check): add make command for spell check. 2018-09-01T19:47:27+00:00 Deepesh Pathak deepshpathak@gmail.com 2018-09-01T19:47:27+00:00 f270dfadb9af9e81ae4c884a3ea45ca4618a7a05 * Remove spelling mistakes in the repository * Add travis script to check for typos. * Add command to Makefile to check for typos. * Fixes #71 
* Remove spelling mistakes in the repository
* Add travis script to check for typos.
* Add command to Makefile to check for typos.
* Fixes #71
Ensure keyring privilege changes are reversible 2018-08-23T18:00:34+00:00 Joe Richey joerichey@google.com joerichey@google.com 2018-08-22T12:23:00+00:00 315f9b042237200174a1fb99427f74027e191d66 This change makes sure that, when we set the ruid and euid in order to get the user keyring linked into the current process keyring, we will always be able to reverse these changes (using a suid of 0). This fixes an issue where "su <user>" would result in a system error when called by an unprivileged user. It also explains exactly how and why we are making these privilege changes. 
This change makes sure that, when we set the ruid and euid in order to
get the user keyring linked into the current process keyring, we will
always be able to reverse these changes (using a suid of 0).

This fixes an issue where "su <user>" would result in a system error
when called by an unprivileged user. It also explains exactly how and
why we are making these privilege changes.
Fix lint 2017-09-29T10:08:03+00:00 Joseph Richey joerichey94@gmail.com 2017-09-29T10:06:17+00:00 6f6c91993294d9bc753d22f58884dcc8e0a2f108 






security: Add check option to UserKeyringID
2017-09-29T09:52:56+00:00

Joseph Richey
joerichey94@gmail.com

2017-09-29T09:52:56+00:00

4d9372795e7b53d105f69790c1d9deadbff85458












security: Change user keyring lookup algorithm
2017-09-01T07:53:07+00:00

Joseph Richey
joerichey94@gmail.com

2017-09-01T07:53:07+00:00

1ce72a7367967152948dbe332ea8d9834f194c27

Now instead of spawning a seperate thread we alternate between changing
the euid and ruid to both find the keyring and link it to the process
keyring. Note that we also ensure that the user keyring is linked into
the root keyring whenever possible.





Now instead of spawning a seperate thread we alternate between changing
the euid and ruid to both find the keyring and link it to the process
keyring. Note that we also ensure that the user keyring is linked into
the root keyring whenever possible.







security: Error if privilege reset goes wrong
2017-08-31T19:09:26+00:00

Joe Richey
joerichey@google.com

2017-08-31T19:09:26+00:00

f1bd511fff8e411687001bd8e76e8a41c9f5ff41