Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4aa68e07 authored by Eric Biggers's avatar Eric Biggers Committed by David Howells
Browse files

KEYS: restrict /proc/keys by credentials at open time 



When checking for permission to view keys whilst reading from
/proc/keys, we should use the credentials with which the /proc/keys file
was opened.  This is because, in a classic type of exploit, it can be
possible to bypass checks for the *current* credentials by passing the
file descriptor to a suid program.

Following commit 34dbbcdb ("Make file credentials available to the
seqfile interfaces") we can finally fix it.  So let's do it.

Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent 8f674565

security/keys/proc.c

+2 −6
Original line number Diff line number Diff line
@@ -187,7 +187,7 @@ static int proc_keys_show(struct seq_file *m, void *v) 
	struct keyring_search_context ctx = {

		.index_key.type		= key->type,

		.index_key.description	= key->description,

		.cred			= current_cred(),

		.cred			= m->file->f_cred,

		.match_data.cmp		= lookup_user_key_possessed,

		.match_data.raw_data	= key,

		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
@@ -207,11 +207,7 @@ static int proc_keys_show(struct seq_file *m, void *v) 
		}

	}



	/* check whether the current task is allowed to view the key (assuming

	 * non-possession)

	 * - the caller holds a spinlock, and thus the RCU read lock, making our

	 *   access to __current_cred() safe

	 */

	/* check whether the current task is allowed to view the key */

	rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW);

	if (rc < 0)

		return 0;