Jan Lübbe <jlu@xxxxxxxxxxxxxx> wrote:

> ... But at this point, you can still do 'keyctl read' on that key, exposing
> the key material to user space.

I wonder if it would help to provide a keyctl function to mark a key as being
permanently unreadable - so that it overrides the READ permission bit.

Alternatively, you can disable READ and SETATTR permission - but that then
prevents you from removing other perms if you want to :-/

David