Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / third_party / upstart / e44d18365d4ad69f96f52edda4b4d7730f79819e
commite44d18365d4ad69f96f52edda4b4d7730f79819e[log] [tgz]
authorGwendal Grignou <gwendal@chromium.org>Fri Feb 03 13:07:36 2017 -0800
committerMike Frysinger <vapier@chromium.org>Sat Nov 14 08:11:56 2020 -0500
tree1466ab529c636716f703b60cfa376d0774ae3c93
parent164e535d0265f1d0e31dc421347bb197bea5e350 [diff]
CHROMIUM: Lock session keyring to root only.

session keyring is set by default to permission 3f3b0000
which means the possessor (every processes) can alter it,
can eventually delete dircrypt keyring.
Instead, change permission to 1b3f0000: only root have full
access, everyone else can just read, view and search the ring.

BUG=chromium:347322
TEST=Check the permission of the session keyring:
keyctl describe @s
       -3: -ls-rvalswrv------------     0     0 keyring: _ses
Check root as full access:
keyctl show @s
Keyring
 285078499 --alswrv      0     0  keyring: _ses
 ...

But others can just list, serach, read and view.
sudo -u chronos keyctl show @s
Keyring
 285078499 ---ls-rv      0     0  keyring: _ses
 ...

Reviewed-on: https://chromium-review.googlesource.com/437658
Change-Id: I03aad1c057b20f5344e74bcbe2388c7626bff471
1 file changed
tree: 1466ab529c636716f703b60cfa376d0774ae3c93
  1. conf/
  2. contrib/
  3. dbus/
  4. doc/
  5. extra/
  6. init/
  7. po/
  8. util/
  9. .bzrignore
  10. AUTHORS
  11. ChangeLog
  12. configure.ac
  13. COPYING
  14. HACKING
  15. Makefile.am
  16. NEWS
  17. README
  18. TODO