Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 06ec7be5 authored by Michael LeMay's avatar Michael LeMay Committed by Linus Torvalds
Browse files

[PATCH] keys: restrict contents of /proc/keys to Viewable keys 



Restrict /proc/keys such that only those keys to which the current task is
granted View permission are presented.

The documentation is also updated to reflect these changes.

Signed-off-by: default avatarMichael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent e51f6d34

Documentation/keys.txt

+12 −4
Original line number Diff line number Diff line
@@ -270,9 +270,17 @@ about the status of the key service: 


 (*) /proc/keys



     This lists all the keys on the system, giving information about their

     type, description and permissions. The payload of the key is not available

     this way:

     This lists the keys that are currently viewable by the task reading the

     file, giving information about their type, description and permissions.

     It is not possible to view the payload of the key this way, though some

     information about it may be given.



     The only keys included in the list are those that grant View permission to

     the reading process whether or not it possesses them.  Note that LSM

     security checks are still performed, and may further filter out keys that

     the current process is not authorised to view.



     The contents of the file look like this:



	SERIAL   FLAGS  USAGE EXPY PERM     UID   GID   TYPE      DESCRIPTION: SUMMARY

	00000001 I-----    39 perm 1f3f0000     0     0 keyring   _uid_ses.0: 1/4

security/Kconfig

+13 −7
Original line number Diff line number Diff line
@@ -22,16 +22,22 @@ config KEYS 
	  If you are unsure as to whether this is required, answer N.



config KEYS_DEBUG_PROC_KEYS

	bool "Enable the /proc/keys file by which all keys may be viewed"

	bool "Enable the /proc/keys file by which keys may be viewed"

	depends on KEYS

	help

	  This option turns on support for the /proc/keys file through which

	  all the keys on the system can be listed.

	  This option turns on support for the /proc/keys file - through which

	  can be listed all the keys on the system that are viewable by the

	  reading process.



	  This option is a slight security risk in that it makes it possible

	  for anyone to see all the keys on the system. Normally the manager

	  pretends keys that are inaccessible to a process don't exist as far

	  as that process is concerned.

	  The only keys included in the list are those that grant View

	  permission to the reading process whether or not it possesses them.

	  Note that LSM security checks are still performed, and may further

	  filter out keys that the current process is not authorised to view.



	  Only key attributes are listed here; key payloads are not included in

	  the resulting table.



	  If you are unsure as to whether this is required, answer N.



config SECURITY

	bool "Enable different security models"

security/keys/proc.c

+7 −0
Original line number Diff line number Diff line
@@ -137,6 +137,13 @@ static int proc_keys_show(struct seq_file *m, void *v) 
	struct timespec now;

	unsigned long timo;

	char xbuf[12];

	int rc;



	/* check whether the current task is allowed to view the key (assuming

	 * non-possession) */

	rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW);

	if (rc < 0)

		return 0;



	now = current_kernel_time();