Commit 06ec7be5 authored by Michael LeMay's avatar Michael LeMay Committed by Linus Torvalds

[PATCH] keys: restrict contents of /proc/keys to Viewable keys

Restrict /proc/keys such that only those keys to which the current task is
granted View permission are presented.

The documentation is also updated to reflect these changes.
Signed-off-by: default avatarMichael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent e51f6d34
...@@ -270,9 +270,17 @@ about the status of the key service: ...@@ -270,9 +270,17 @@ about the status of the key service:
(*) /proc/keys (*) /proc/keys
This lists all the keys on the system, giving information about their This lists the keys that are currently viewable by the task reading the
type, description and permissions. The payload of the key is not available file, giving information about their type, description and permissions.
this way: It is not possible to view the payload of the key this way, though some
information about it may be given.
The only keys included in the list are those that grant View permission to
the reading process whether or not it possesses them. Note that LSM
security checks are still performed, and may further filter out keys that
the current process is not authorised to view.
The contents of the file look like this:
SERIAL FLAGS USAGE EXPY PERM UID GID TYPE DESCRIPTION: SUMMARY SERIAL FLAGS USAGE EXPY PERM UID GID TYPE DESCRIPTION: SUMMARY
00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4 00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4
......
...@@ -22,16 +22,22 @@ config KEYS ...@@ -22,16 +22,22 @@ config KEYS
If you are unsure as to whether this is required, answer N. If you are unsure as to whether this is required, answer N.
config KEYS_DEBUG_PROC_KEYS config KEYS_DEBUG_PROC_KEYS
bool "Enable the /proc/keys file by which all keys may be viewed" bool "Enable the /proc/keys file by which keys may be viewed"
depends on KEYS depends on KEYS
help help
This option turns on support for the /proc/keys file through which This option turns on support for the /proc/keys file - through which
all the keys on the system can be listed. can be listed all the keys on the system that are viewable by the
reading process.
This option is a slight security risk in that it makes it possible The only keys included in the list are those that grant View
for anyone to see all the keys on the system. Normally the manager permission to the reading process whether or not it possesses them.
pretends keys that are inaccessible to a process don't exist as far Note that LSM security checks are still performed, and may further
as that process is concerned. filter out keys that the current process is not authorised to view.
Only key attributes are listed here; key payloads are not included in
the resulting table.
If you are unsure as to whether this is required, answer N.
config SECURITY config SECURITY
bool "Enable different security models" bool "Enable different security models"
......
...@@ -137,6 +137,13 @@ static int proc_keys_show(struct seq_file *m, void *v) ...@@ -137,6 +137,13 @@ static int proc_keys_show(struct seq_file *m, void *v)
struct timespec now; struct timespec now;
unsigned long timo; unsigned long timo;
char xbuf[12]; char xbuf[12];
int rc;
/* check whether the current task is allowed to view the key (assuming
* non-possession) */
rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW);
if (rc < 0)
return 0;
now = current_kernel_time(); now = current_kernel_time();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment