fscrypt.git/security, branch v0.2.1 Go tool for managing Linux filesystem encryption security: Change user keyring lookup algorithm 2017-09-01T07:53:07+00:00 Joseph Richey joerichey94@gmail.com 2017-09-01T07:53:07+00:00 1ce72a7367967152948dbe332ea8d9834f194c27 Now instead of spawning a seperate thread we alternate between changing the euid and ruid to both find the keyring and link it to the process keyring. Note that we also ensure that the user keyring is linked into the root keyring whenever possible. 
Now instead of spawning a seperate thread we alternate between changing
the euid and ruid to both find the keyring and link it to the process
keyring. Note that we also ensure that the user keyring is linked into
the root keyring whenever possible.
security: No more permenant privilege dropping 2017-09-01T07:50:42+00:00 Joseph Richey joerichey94@gmail.com 2017-09-01T07:50:42+00:00 d5f64c1ecd8f13f01681d0a18b8f3174ff9bd225 This was creating an issue becasuse fully dropping privileges required spawning a goroutine and using rutime.DropOSThread(). 
This was creating an issue becasuse fully dropping privileges required
spawning a goroutine and using rutime.DropOSThread().
security: Error if privilege reset goes wrong 2017-08-31T19:09:26+00:00 Joe Richey joerichey@google.com 2017-08-31T19:09:26+00:00 f1bd511fff8e411687001bd8e76e8a41c9f5ff41 






Fixed linter issues
2017-08-31T18:29:30+00:00

Joe Richey
joerichey@google.com

2017-08-31T18:29:30+00:00

5586bc35fbb33f20c38f52285c19c015b804ea94












security: Rewrite of keryings and permissions
2017-08-31T00:51:05+00:00

Joe Richey
joerichey@google.com

2017-08-31T00:51:05+00:00

7888645ab68ed0510ff66121f35630b11976a09f

The keyring lookup functions no longer read from /proc/keys. Now they
simply spawn a thread, drop privs, and check with GetKeyringID and
KEY_SPEC_USER_KEYRING. See userKeyringID() for more info.

The privileges functions have also been changed. Now the concept of
setting privileges is seperate form the concept of setting up the
keyrings.





The keyring lookup functions no longer read from /proc/keys. Now they
simply spawn a thread, drop privs, and check with GetKeyringID and
KEY_SPEC_USER_KEYRING. See userKeyringID() for more info.

The privileges functions have also been changed. Now the concept of
setting privileges is seperate form the concept of setting up the
keyrings.







security: fscrypt now possesses the user keyring
2017-08-24T06:46:54+00:00

Joseph Richey
joerichey94@gmail.com

2017-08-24T06:46:54+00:00

7fbff9a4d531e33f3d7c7e0b9871c2e19a55bace












Added some documentation and improved security API
2017-08-23T19:29:10+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-23T19:29:10+00:00

b15792b8d7c197d84970415fd2525c51aee3996c












security: Moved cache dropping function
2017-08-22T19:53:26+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-22T19:52:41+00:00

32c9be59a2485ef44ac4b3accc2f102cf2eb5a39












security: Fixed typo and improved error handling
2017-08-22T18:32:03+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-22T18:32:03+00:00

50256fab010adfde1b349160460659fb03d8c8ac












cmd/fscrypt: purge command now clears cache
2017-08-18T05:49:44+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-16T01:11:29+00:00

151e8965fa3a9c8f65e316430f9df0fa763fb02d