|author||Michael LeMay <firstname.lastname@example.org>||2006-06-26 00:24:56 -0700|
|committer||Linus Torvalds <email@example.com>||2006-06-26 09:58:18 -0700|
[PATCH] keys: restrict contents of /proc/keys to Viewable keys
Restrict /proc/keys such that only those keys to which the current task is granted View permission are presented. The documentation is also updated to reflect these changes. Signed-off-by: Michael LeMay <firstname.lastname@example.org> Signed-off-by: James Morris <email@example.com> Signed-off-by: David Howells <firstname.lastname@example.org> Signed-off-by: Andrew Morton <email@example.com> Signed-off-by: Linus Torvalds <firstname.lastname@example.org>
Diffstat (limited to 'security')
2 files changed, 20 insertions, 7 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 34f593410d57..67785df264e5 100644
@@ -22,16 +22,22 @@ config KEYS
If you are unsure as to whether this is required, answer N.
- bool "Enable the /proc/keys file by which all keys may be viewed"
+ bool "Enable the /proc/keys file by which keys may be viewed"
depends on KEYS
- This option turns on support for the /proc/keys file through which
- all the keys on the system can be listed.
+ This option turns on support for the /proc/keys file - through which
+ can be listed all the keys on the system that are viewable by the
+ reading process.
- This option is a slight security risk in that it makes it possible
- for anyone to see all the keys on the system. Normally the manager
- pretends keys that are inaccessible to a process don't exist as far
- as that process is concerned.
+ The only keys included in the list are those that grant View
+ permission to the reading process whether or not it possesses them.
+ Note that LSM security checks are still performed, and may further
+ filter out keys that the current process is not authorised to view.
+ Only key attributes are listed here; key payloads are not included in
+ the resulting table.
+ If you are unsure as to whether this is required, answer N.
bool "Enable different security models"
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 12b750e51fbf..686a9ee0c5de 100644
@@ -137,6 +137,13 @@ static int proc_keys_show(struct seq_file *m, void *v)
struct timespec now;
unsigned long timo;
+ int rc;
+ /* check whether the current task is allowed to view the key (assuming
+ * non-possession) */
+ rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW);
+ if (rc < 0)
+ return 0;
now = current_kernel_time();