Documentation/security/credentials.rst

Source file repositories/reference/linux-study-clean/Documentation/security/credentials.rst

File Facts

System
Linux kernel
Corpus path
Documentation/security/credentials.rst
Extension
.rst
Size
20957 bytes
Lines
560
Domain
Support Tooling And Documentation
Bucket
Documentation
Inferred role
Support Tooling And Documentation: documentation
Status
atlas-only

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

		if (ret < 0) {
			abort_creds(new);
			return ret;
		}

		return commit_creds(new);
	}


Managing Credentials
--------------------

There are some functions to help manage credentials:

 - ``void put_cred(const struct cred *cred);``

     This releases a reference to the given set of credentials.  If the
     reference count reaches zero, the credentials will be scheduled for
     destruction by the RCU system.

 - ``const struct cred *get_cred(const struct cred *cred);``

     This gets a reference on a live set of credentials, returning a pointer to
     that set of credentials.


Open File Credentials
=====================

When a new file is opened, a reference is obtained on the opening task's
credentials and this is attached to the file struct as ``f_cred`` in place of
``f_uid`` and ``f_gid``.  Code that used to access ``file->f_uid`` and
``file->f_gid`` should now access ``file->f_cred->fsuid`` and
``file->f_cred->fsgid``.

It is safe to access ``f_cred`` without the use of RCU or locking because the
pointer will not change over the lifetime of the file struct, and nor will the
contents of the cred struct pointed to, barring the exceptions listed above
(see the Task Credentials section).

To avoid "confused deputy" privilege escalation attacks, access control checks
during subsequent operations on an opened file should use these credentials
instead of "current"'s credentials, as the file may have been passed to a more
privileged process.
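
The confused-deputy case described above, as an added userspace model; it is not kernel code and not part of the original document. ``cred_model``, ``file_model``, ``model_open()``, ``may_modify()`` and ``run_scenario()`` are hypothetical names, and the model assumes that opening the object is unrestricted while the later operation is limited to uid 0 or the owner.

```c
/* Userspace model, constructed for illustration. Not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct cred_model { unsigned int fsuid; int usage; };  /* stand-in for struct cred */
struct file_model {                                    /* stand-in for struct file */
	const struct cred_model *f_cred;  /* opener's credentials, fixed at open */
	unsigned int owner_uid;           /* owner of the underlying object */
};

static const struct cred_model *current_model;  /* stand-in for current's creds */

/* Model of open: take a reference on the opener's creds and pin it to the file. */
static void model_open(struct file_model *f, struct cred_model *opener,
		       unsigned int owner_uid)
{
	opener->usage++;              /* what get_cred() does in the kernel */
	f->f_cred = opener;
	f->owner_uid = owner_uid;
}

/* Policy for a sensitive operation: only uid 0 or the object's owner. */
static bool may_modify(const struct cred_model *c, const struct file_model *f)
{
	return c->fsuid == 0 || c->fsuid == f->owner_uid;
}

/* Scenario: uid 1000 opens a uid-0-owned object, then the open file is handed
 * to a uid-0 task that performs the operation. Returns the check's verdict. */
static bool run_scenario(bool check_f_cred)
{
	struct cred_model user = { .fsuid = 1000 }, root = { .fsuid = 0 };
	struct file_model f;

	current_model = &user;
	model_open(&f, &user, 0);
	current_model = &root;        /* file passed to a more privileged task */

	/* Checking current asks "who is calling now?"; checking f_cred asks
	 * "who opened this file?", which is the question the document requires. */
	return may_modify(check_f_cred ? f.f_cred : current_model, &f);
}

int main(void)
{
	printf("check against current: %s\n", run_scenario(false) ? "allowed" : "denied");
	printf("check against f_cred:  %s\n", run_scenario(true) ? "allowed" : "denied");
	return 0;
}
```
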

Overriding the VFS's Use of Credentials
=======================================

Under some circumstances it is desirable to override the credentials used by
the VFS, and that can be done by calling into functions such as ``vfs_mkdir()``
with a different set of credentials.  This is done in the following places:

 * ``sys_faccessat()``.
 * ``vfs_coredump()``.
 * nfs4recover.c.

Annotation

Implementation Notes