keyctl wtf?

Two more WTFs, this time in keyctl. Please have a look:


$$code(lang=shell)
$ keyctl list @u
1 key in keyring:
175445478: --alswrv 0 0 user: d395309aaad4de06
$ keyctl list 175445478
185 keys in keyring:
4: key inaccessible (Required key not available)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
10: key inaccessible (Required key not available)
0: key inaccessible (Invalid argument)
64: key inaccessible (Required key not available)
2: key inaccessible (Required key not available)
90575192: key inaccessible (Required key not available)
-1289718489: key inaccessible (Invalid argument)
1226118138: key inaccessible (Required key not available)
1367941247: key inaccessible (Required key not available)
185619277: key inaccessible (Required key not available)
-395441912: key inaccessible (Invalid argument)
745876651: key inaccessible (Required key not available)
2130504598: key inaccessible (Required key not available)
-837867635: key inaccessible (Invalid argument)
-1322709961: key inaccessible (Invalid argument)
-405937745: key inaccessible (Invalid argument)
-1943943650: key inaccessible (Invalid argument)
1965794927: key inaccessible (Required key not available)
1320268544: key inaccessible (Required key not available)
-172599692: key inaccessible (Invalid argument)
-2138721474: key inaccessible (Invalid argument)
892941156: key inaccessible (Required key not available)
1631137843: key inaccessible (Required key not available)
878993761: key inaccessible (Required key not available)
909141348: key inaccessible (Required key not available)
571539456: key inaccessible (Required key not available)
1716864051: key inaccessible (Required key not available)
119: key inaccessible (Required key not available)
$
$$/code

The kernel documentation makes it clear:

$$code
Each key is issued a serial number of type key_serial_t that is unique for
the lifetime of that key. All serial numbers are positive non-zero 32-bit
integers.

Userspace programs can use a key's serial numbers as a way to gain access
to it, subject to permission checking.
$$/code

So first, unless I am mistaken, I would have expected `keyctl list 175445478` to show the key
with the ID 175445478, not all the others. And secondly, given the negative IDs in the listing, it looks like the output
accidentally uses a signed int instead of an unsigned int.
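To make the two observations concrete, here is an added example that is not part of the original post and not keyutils code. It decodes a keyring payload the way a `keyctl list`-style tool has to (a packed array of `key_serial_t`, which keyutils declares as `int32_t` in native byte order), shows how the same bytes look when printed signed versus unsigned, and applies the kernel's documented contract (positive, non-zero, 32-bit) as a sanity check before any entry is treated as a key ID. Both payloads are constructed for the example; the 740-byte payload behind the post's listing is not available, so the "user key" sample only reproduces one of its negative values.

```python
import struct

# Documented contract: serial numbers are positive non-zero 32-bit integers.
KEY_SERIAL_MAX = 0x7FFFFFFF


def parse_serial_list(payload: bytes, signed: bool = True) -> list:
    """Decode a keyring payload (what keyctl_read()/`keyctl pipe` return for a
    keyring) into key_serial_t values. keyutils declares key_serial_t as
    int32_t in native byte order; signed=False shows how the same bytes look
    when printed with an unsigned format instead."""
    if len(payload) % 4:
        raise ValueError("payload length %d is not a multiple of 4" % len(payload))
    fmt = "=%d%s" % (len(payload) // 4, "i" if signed else "I")
    return list(struct.unpack(fmt, payload))


def invalid_serials(serials) -> list:
    """Entries that violate the documented contract. One hit is enough to
    conclude the bytes were not a keyring's key list and must not be passed
    to keyctl_describe()/`keyctl describe` as if they were IDs."""
    return [s for s in serials if not 1 <= s <= KEY_SERIAL_MAX]


def looks_like_keyring_list(payload: bytes) -> bool:
    """Sanity check a listing tool should do before describing each entry:
    well-formed length, at least one entry, every value a plausible serial."""
    try:
        serials = parse_serial_list(payload)
    except ValueError:
        return False
    return bool(serials) and not invalid_serials(serials)


# Constructed sample payloads (not captured from the post's machine).
# A genuine keyring list: three serials taken from the post's `keyctl show` output.
CONSTRUCTED_KEYRING_PAYLOAD = struct.pack("=3i", 184578637, 175445478, 545549103)
# An opaque user-key payload: 12 arbitrary bytes, chosen so the last 4-byte
# group has its top bit set and therefore prints as -1289718489 when read as
# int32, the same shape as the negative "IDs" in the post's listing.
CONSTRUCTED_USER_PAYLOAD = struct.pack("=3I", 4, 0, 0xB3207527)

if __name__ == "__main__":
    for name, payload in (("keyring", CONSTRUCTED_KEYRING_PAYLOAD),
                          ("user key", CONSTRUCTED_USER_PAYLOAD)):
        serials = parse_serial_list(payload)
        print("%s: %d entries as int32 %s, as uint32 %s, invalid %s, keyring list? %s"
              % (name, len(serials), serials, parse_serial_list(payload, signed=False),
                 invalid_serials(serials), looks_like_keyring_list(payload)))
```

Run on the constructed user-key payload, the signed decode gives `[4, 0, -1289718489]`, the unsigned one `[4, 0, 3005248807]`, and the contract check rejects both the zero and the negative entry, which is the point: whether printed signed or unsigned, those values cannot be serial numbers, so the bytes were never a key list.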

But wait, there is more:

$$code(lang=shell)
$ keyctl show
Session Keyring
70665221 --alswrv 0 0 keyring: _ses
184578637 --alswrv 0 65534 \_ keyring: _uid.0
175445478 --alswrv 0 0 \_ user: d395309aaad4de06
tanja:~# man keyctl
tanja:~# keyctl add user foobar barfoo @u
545549103
$ keyctl show
Session Keyring
70665221 --alswrv 0 0 keyring: _ses
184578637 --alswrv 0 65534 \_ keyring: _uid.0
175445478 --alswrv 0 0 \_ user: d395309aaad4de06
545549103 --alswrv 0 0 \_ user: foobar
$$/code

Every other tool I know tries to keep key material out of the process list by not accepting cleartext passwords as command-line arguments; maybe the rules are different for keyctl.
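The exposure above, demonstrated end to end as an added example (not code from the post or from keyutils): a child process is started with a secret in its argument list, as `keyctl add user foobar barfoo @u` does, and the secret is read straight back out of `/proc/<pid>/cmdline`, which any local user can read. The second function does the same check when the secret is written to the child's standard input instead, the pattern that `keyctl padd <type> <desc> <keyring>` supports by reading its payload from stdin. It assumes Linux with procfs mounted and uses the running Python interpreter as a stand-in for the child command; the secret value is constructed.

```python
import subprocess
import sys


def _cmdline_of(pid: int) -> list:
    """argv of a running process as procfs exposes it (NUL-separated); this is
    the same view that ps, top and every other local user get."""
    with open("/proc/%d/cmdline" % pid, "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]


def secret_visible_in_cmdline(secret: str) -> bool:
    """Start a child with the secret as a command-line argument and report
    whether it can be read back from /proc/<pid>/cmdline. The child (a sleeping
    Python interpreter) stands in for a tool that takes the payload as an argument."""
    child = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)", secret],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    try:
        # Popen returns only after exec() succeeded, so cmdline is the child's argv.
        return secret in _cmdline_of(child.pid)
    finally:
        child.kill()
        child.wait()


def secret_visible_via_stdin(secret: str) -> bool:
    """Same check with the secret delivered on stdin instead of argv, the way
    `keyctl padd` reads its payload. Stdin contents are not visible in procfs
    to other users, so this returns False."""
    child = subprocess.Popen(
        [sys.executable, "-c", "import sys; sys.stdin.buffer.read()"],
        stdin=subprocess.PIPE, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    try:
        visible = secret in _cmdline_of(child.pid)
        child.communicate(secret.encode())   # deliver the payload, close stdin, let it exit
        return visible
    finally:
        if child.poll() is None:
            child.kill()
        child.wait()


if __name__ == "__main__":
    constructed_secret = "barfoo-constructed-sample"
    print("argv  leaks secret:", secret_visible_in_cmdline(constructed_secret))
    print("stdin leaks secret:", secret_visible_via_stdin(constructed_secret))
```

The argv variant reports True and the stdin variant False. The same contrast applies to the real tool: `keyctl add user foobar barfoo @u` puts `barfoo` in the process list for as long as keyctl runs, while `printf '%s' "$payload" | keyctl padd user foobar @u` keeps it off the command line (the payload still sits in the shell variable and in the pipe, but neither is world-readable the way `/proc/<pid>/cmdline` is).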

So much for this interesting experience. I still hope that I am wrong and that everything turns out to be fine once I dig deeper.

Posted on May 10, 2016, 11:14 pm. Categories: code, software