KEYS: Fix encrypted key type update method
The encrypted key type was using the update method to change the master key
used to encrypt a key without passing in all the requisite parameters to
completely replace the key contents (it was taking some parameters from the
old key contents). Unfortunately, this has a number of problems:
(1) Update is conceptually meant to be the same as add_key() except that it
replaces the contents of the nominated key completely rather than creating
a new key.
(2) add_key() can call ->update() if it detects that the key exists. This can
cause the operation to fail if the caller embedded the wrong command in
the payload when they called it. The caller cannot know what the right
command is without someway to lock the keyring.
(3) keyctl_update() and add_key() can thus race with adding, linking,
requesting and unlinking a key.
The best way to fix this is to offload this operation to keyctl_alter() and
make encrypted_update() just replace the contents of a key entirely (or maybe
just not permit updates if this would be a problem).
Signed-off-by: David Howells <dhowells@redhat.com>
2 files changed
