linux-stable.git/Documentation/security, branch v4.16.2 Linux kernel stable tree Documentation: security/credentials.rst: explain need to sort group_list 2018-01-08T21:20:31+00:00 NeilBrown neilb@suse.com 2018-01-02T21:01:15+00:00 0b345d722e07d77866edffcf350449a4607026b6 This patch updates the documentation with the observations that led to commit bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility group_info allocators") and the new behaviour required. Specifically that groups_sort() should be called on a new group_list before set_groups() or set_current_groups() is called. Signed-off-by: NeilBrown <neilb@suse.com> [jc: use proper :c:func: references] Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
This patch updates the documentation with the observations that led
to commit bdcf0a423ea1 ("kernel: make groups_sort calling a
responsibility group_info allocators") and the new behaviour required.
Specifically that groups_sort() should be called on a new group_list
before set_groups() or set_current_groups() is called.

Signed-off-by: NeilBrown <neilb@suse.com>
[jc: use proper :c:func: references]
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
doc: add documentation on printing kernel addresses 2017-12-21T20:39:27+00:00 Tobin C. Harding me@tobin.cc 2017-12-19T21:17:17+00:00 227d1a61ed87033285d187214f305c27895176f9 Hashing addresses printed with printk specifier %p was implemented recently. During development a number of issues were raised regarding leaking kernel addresses to userspace. Other documentation was updated but security/self-protection missed out. Add self-protection documentation regarding printing kernel addresses. Signed-off-by: Tobin C. Harding <me@tobin.cc> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Hashing addresses printed with printk specifier %p was implemented
recently. During development a number of issues were raised regarding
leaking kernel addresses to userspace. Other documentation was updated but
security/self-protection missed out.

Add self-protection documentation regarding printing kernel addresses.

Signed-off-by: Tobin C. Harding <me@tobin.cc>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
KEYS: fix in-kernel documentation for keyctl_read() 2017-11-15T16:38:44+00:00 Eric Biggers ebiggers@google.com 2017-11-15T16:38:44+00:00 be543dd626c0a23829e9cc1a28e1e3af4cd9ced6 When keyctl_read() is passed a buffer that is too small, the behavior is inconsistent. Some key types will fill as much of the buffer as possible, while others won't copy anything. Moreover, the in-kernel documentation contradicted the man page on this point. Update the in-kernel documentation to say that this point is unspecified. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> 
When keyctl_read() is passed a buffer that is too small, the behavior is
inconsistent.  Some key types will fill as much of the buffer as
possible, while others won't copy anything.  Moreover, the in-kernel
documentation contradicted the man page on this point.

Update the in-kernel documentation to say that this point is
unspecified.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Documentation: fix security related doc refs 2017-10-12T17:14:40+00:00 Tom Saeger tom.saeger@oracle.com 2017-10-10T17:36:30+00:00 c7f66400f504fd54bda6ec644853c07333e8cb87 Make security document refs valid. Signed-off-by: Tom Saeger <tom.saeger@oracle.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Make security document refs valid.

Signed-off-by: Tom Saeger <tom.saeger@oracle.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
docs: ReSTify table of contents in core.rst 2017-08-30T21:27:58+00:00 Josh Holland anowlcalledjosh@gmail.com 2017-08-23T20:42:32+00:00 33c2f4ec984d8a78f15b9d989968733606512bb2 Sphinx will now generate the table of contents automatically, which avoids having the ToC getting out of sync with the rest of the document. Signed-off-by: Josh Holland <anowlcalledjosh@gmail.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Sphinx will now generate the table of contents automatically, which
avoids having the ToC getting out of sync with the rest of the document.

Signed-off-by: Josh Holland <anowlcalledjosh@gmail.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
docs: Fix paths in security/keys 2017-08-24T19:10:58+00:00 Josh Holland anowlcalledjosh@gmail.com 2017-08-19T15:21:06+00:00 adf31eebd75e9e7c2eda222695637398b3872a68 Several paths in the security/keys documentation were incorrect. Signed-off-by: Josh Holland <anowlcalledjosh@gmail.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Several paths in the security/keys documentation were incorrect.

Signed-off-by: Josh Holland <anowlcalledjosh@gmail.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
KEYS: Add documentation for asymmetric keyring restrictions 2017-07-14T01:01:38+00:00 Mat Martineau mathew.j.martineau@linux.intel.com 2017-07-13T12:17:03+00:00 7228b66aaf723a623e578aa4db7d083bb39546c9 Provide more specific examples of keyring restrictions as applied to X.509 signature chain verification. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 
Provide more specific examples of keyring restrictions as applied to
X.509 signature chain verification.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
docs: Fix some formatting issues in request-key.rst 2017-05-18T16:46:25+00:00 Jonathan Corbet corbet@lwn.net 2017-05-18T16:46:25+00:00 5ea787a7ec6c11240168e92a677f4f2a78dc6586 The white space in the big enumerated list was inconsistent, leading to some strange formatting artifacts. Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
The white space in the big enumerated list was inconsistent, leading to
some strange formatting artifacts.

Signed-off-by: Jonathan Corbet <corbet@lwn.net>
doc: ReSTify keys-trusted-encrypted.txt 2017-05-18T16:33:56+00:00 Kees Cook keescook@chromium.org 2017-05-13T11:51:53+00:00 5395d312dff00d9e94702d28fe1e08dacd1cbe31 Adjusts for ReST markup and moves under keys security devel index. Cc: David Howells <dhowells@redhat.com> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Adjusts for ReST markup and moves under keys security devel index.

Cc: David Howells <dhowells@redhat.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
doc: ReSTify keys-request-key.txt 2017-05-18T16:33:51+00:00 Kees Cook keescook@chromium.org 2017-05-13T11:51:52+00:00 3db38ed76890565772fcca3279cc8d454ea6176b Adjusts for ReST markup and moves under keys security devel index. Cc: David Howells <dhowells@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Adjusts for ReST markup and moves under keys security devel index.

Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>