Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 06ec7be5 authored by Michael LeMay's avatar Michael LeMay Committed by Linus Torvalds
Browse files

[PATCH] keys: restrict contents of /proc/keys to Viewable keys



Restrict /proc/keys such that only those keys to which the current task is
granted View permission are presented.

The documentation is also updated to reflect these changes.

Signed-off-by: default avatarMichael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent e51f6d34
Loading
Loading
Loading
Loading
+12 −4
Original line number Diff line number Diff line
@@ -270,9 +270,17 @@ about the status of the key service:

 (*) /proc/keys

     This lists all the keys on the system, giving information about their
     type, description and permissions. The payload of the key is not available
     this way:
     This lists the keys that are currently viewable by the task reading the
     file, giving information about their type, description and permissions.
     It is not possible to view the payload of the key this way, though some
     information about it may be given.

     The only keys included in the list are those that grant View permission to
     the reading process whether or not it possesses them.  Note that LSM
     security checks are still performed, and may further filter out keys that
     the current process is not authorised to view.

     The contents of the file look like this:

	SERIAL   FLAGS  USAGE EXPY PERM     UID   GID   TYPE      DESCRIPTION: SUMMARY
	00000001 I-----    39 perm 1f3f0000     0     0 keyring   _uid_ses.0: 1/4
+13 −7
Original line number Diff line number Diff line
@@ -22,16 +22,22 @@ config KEYS
	  If you are unsure as to whether this is required, answer N.

config KEYS_DEBUG_PROC_KEYS
	bool "Enable the /proc/keys file by which all keys may be viewed"
	bool "Enable the /proc/keys file by which keys may be viewed"
	depends on KEYS
	help
	  This option turns on support for the /proc/keys file through which
	  all the keys on the system can be listed.
	  This option turns on support for the /proc/keys file - through which
	  can be listed all the keys on the system that are viewable by the
	  reading process.

	  This option is a slight security risk in that it makes it possible
	  for anyone to see all the keys on the system. Normally the manager
	  pretends keys that are inaccessible to a process don't exist as far
	  as that process is concerned.
	  The only keys included in the list are those that grant View
	  permission to the reading process whether or not it possesses them.
	  Note that LSM security checks are still performed, and may further
	  filter out keys that the current process is not authorised to view.

	  Only key attributes are listed here; key payloads are not included in
	  the resulting table.

	  If you are unsure as to whether this is required, answer N.

config SECURITY
	bool "Enable different security models"
+7 −0
Original line number Diff line number Diff line
@@ -137,6 +137,13 @@ static int proc_keys_show(struct seq_file *m, void *v)
	struct timespec now;
	unsigned long timo;
	char xbuf[12];
	int rc;

	/* check whether the current task is allowed to view the key (assuming
	 * non-possession) */
	rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW);
	if (rc < 0)
		return 0;

	now = current_kernel_time();