Eric Biggers wrote:
> Well, maybe. Whitelists are hard to get right, and it would be a bit ugly
> having to check the name in both add_key() and join_session_keyring(). And
> hopefully that would be everything?
Actually, having thought about it some more, I think your way is better.
> I think
On Tue, Sep 19, 2017 at 05:05:20PM +0100, David Howells wrote:
> Eric Biggers wrote:
>
> > Fix it by marking user and user session keyrings with a flag
> > KEY_FLAG_UID_KEYRING. Then, when searching for a user or user session
> > keyring by name, skip all keyrings that don't have the flag set.
>
Eric Biggers wrote:
> Fix it by marking user and user session keyrings with a flag
> KEY_FLAG_UID_KEYRING. Then, when searching for a user or user session
> keyring by name, skip all keyrings that don't have the flag set.
I wonder if it's better just to reject attempts to manually create/join
k
3 matches
Mail list logo
