[PATCH] keys: restrict contents of /proc/keys to Viewable keys
Restrict /proc/keys such that only those keys to which the current task is granted View permission are presented. The documentation is also updated to reflect these changes.

Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent e51f6d3437
commit 06ec7be557
3 changed files with 32 additions and 11 deletions
|
@ -270,9 +270,17 @@ about the status of the key service:
|
|||
|
||||
(*) /proc/keys
|
||||
|
||||
This lists all the keys on the system, giving information about their
|
||||
type, description and permissions. The payload of the key is not available
|
||||
this way:
|
||||
This lists the keys that are currently viewable by the task reading the
|
||||
file, giving information about their type, description and permissions.
|
||||
It is not possible to view the payload of the key this way, though some
|
||||
information about it may be given.
|
||||
|
||||
The only keys included in the list are those that grant View permission to
|
||||
the reading process whether or not it possesses them. Note that LSM
|
||||
security checks are still performed, and may further filter out keys that
|
||||
the current process is not authorised to view.
|
||||
|
||||
The contents of the file look like this:
|
||||
|
||||
SERIAL FLAGS USAGE EXPY PERM UID GID TYPE DESCRIPTION: SUMMARY
|
||||
00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4
|
||||
|
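Review bot: The new sentence "those that grant View permission to the reading process whether or not it possesses them" can be read as saying that possessor-granted View also counts, while the code change in this commit checks permission "assuming non-possession" (make_key_ref(key, 0)). A key that grants View only to its possessor would then not be listed even to a task that holds it. Suggest wording the paragraph to say that possession is not taken into account when deciding what to list. Separately, "though some information about it may be given" is vague; pointing at the SUMMARY column of the sample output below would tell the reader where that information appears.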
@ -300,7 +308,7 @@ about the status of the key service:
|
|||
(*) /proc/key-users
|
||||
|
||||
This file lists the tracking data for each user that has at least one key
|
||||
on the system. Such data includes quota information and statistics:
|
||||
on the system. Such data includes quota information and statistics:
|
||||
|
||||
[root@andromeda root]# cat /proc/key-users
|
||||
0: 46 45/45 1/100 13/10000
|
||||
|
|
|
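Review bot: The removed and added lines for "on the system. Such data includes quota information and statistics:" read identically here, so this hunk appears to be a whitespace-only cleanup in the /proc/key-users text. It is unrelated to the View filtering described in the commit message; consider mentioning it there or sending it as a separate cleanup so the functional change is easier to audit.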
@ -22,16 +22,22 @@ config KEYS
|
|||
If you are unsure as to whether this is required, answer N.
|
||||
|
||||
config KEYS_DEBUG_PROC_KEYS
|
||||
bool "Enable the /proc/keys file by which all keys may be viewed"
|
||||
bool "Enable the /proc/keys file by which keys may be viewed"
|
||||
depends on KEYS
|
||||
help
|
||||
This option turns on support for the /proc/keys file through which
|
||||
all the keys on the system can be listed.
|
||||
This option turns on support for the /proc/keys file - through which
|
||||
can be listed all the keys on the system that are viewable by the
|
||||
reading process.
|
||||
|
||||
This option is a slight security risk in that it makes it possible
|
||||
for anyone to see all the keys on the system. Normally the manager
|
||||
pretends keys that are inaccessible to a process don't exist as far
|
||||
as that process is concerned.
|
||||
The only keys included in the list are those that grant View
|
||||
permission to the reading process whether or not it possesses them.
|
||||
Note that LSM security checks are still performed, and may further
|
||||
filter out keys that the current process is not authorised to view.
|
||||
|
||||
Only key attributes are listed here; key payloads are not included in
|
||||
the resulting table.
|
||||
|
||||
If you are unsure as to whether this is required, answer N.
|
||||
|
||||
config SECURITY
|
||||
bool "Enable different security models"
|
||||
|
|
|
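Review bot: The first help sentence, "This option turns on support for the /proc/keys file - through which can be listed all the keys on the system that are viewable by the reading process", is inverted and hard to parse; something like "through which all the keys viewable by the reading process can be listed" reads better. The hunk also drops the "slight security risk" paragraph entirely while the option keeps its KEYS_DEBUG_PROC_KEYS name. It would help whoever is deciding how to set this option to keep one sentence saying what the file still discloses about Viewable keys (the attributes listed in the table, not payloads). The "whether or not it possesses them" wording has the same ambiguity against the non-possession check in proc_keys_show() as in the documentation text.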
@ -137,6 +137,13 @@ static int proc_keys_show(struct seq_file *m, void *v)
|
|||
struct timespec now;
|
||||
unsigned long timo;
|
||||
char xbuf[12];
|
||||
int rc;
|
||||
|
||||
/* check whether the current task is allowed to view the key (assuming
|
||||
* non-possession) */
|
||||
rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW);
|
||||
if (rc < 0)
|
||||
return 0;
|
||||
|
||||
now = current_kernel_time();
|
||||
|
||||
|
|
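Review bot: The comment above key_task_permission() says possession is assumed absent but not why, and the "if (rc < 0) return 0;" path hides the key silently without saying that this is the intended filtering. Suggest extending the comment to state that a key failing the View check is skipped with no output and that returning 0 lets the seq_file iteration continue. The documentation added in this commit also promises that LSM checks are still performed; if key_task_permission() is where that happens, say so in the comment, since nothing else in this hunk shows an LSM call. Minor: rc is only used for this one test, so the call could be tested directly in the if.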