+ keys-restrict-contents-of-proc-keys-to-viewable-keys.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled

     keys: restrict contents of /proc/keys to Viewable keys

has been added to the -mm tree.  Its filename is

     keys-restrict-contents-of-proc-keys-to-viewable-keys.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: keys: restrict contents of /proc/keys to Viewable keys
From: Michael LeMay <mdlemay@xxxxxxxxxxxxxx>


Restrict /proc/keys such that only those keys to which the current task is
granted View permission are presented.

The documentation is also updated to reflect these changes.

Signed-off-by: Michael LeMay <mdlemay@xxxxxxxxxxxxxx>
Signed-off-by: James Morris <jmorris@xxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 Documentation/keys.txt |   16 ++++++++++++----
 security/Kconfig       |   20 +++++++++++++-------
 security/keys/proc.c   |    7 +++++++
 3 files changed, 32 insertions(+), 11 deletions(-)

diff -puN Documentation/keys.txt~keys-restrict-contents-of-proc-keys-to-viewable-keys Documentation/keys.txt
--- 25/Documentation/keys.txt~keys-restrict-contents-of-proc-keys-to-viewable-keys	Tue Jun 20 17:00:34 2006
+++ 25-akpm/Documentation/keys.txt	Tue Jun 20 17:00:34 2006
@@ -270,9 +270,17 @@ about the status of the key service:
 
  (*) /proc/keys
 
-     This lists all the keys on the system, giving information about their
-     type, description and permissions. The payload of the key is not available
-     this way:
+     This lists the keys that are currently viewable by the task reading the
+     file, giving information about their type, description and permissions.
+     It is not possible to view the payload of the key this way, though some
+     information about it may be given.
+
+     The only keys included in the list are those that grant View permission to
+     the reading process whether or not it possesses them.  Note that LSM
+     security checks are still performed, and may further filter out keys that
+     the current process is not authorised to view.
+
+     The contents of the file look like this:
 
 	SERIAL   FLAGS  USAGE EXPY PERM     UID   GID   TYPE      DESCRIPTION: SUMMARY
 	00000001 I-----    39 perm 1f3f0000     0     0 keyring   _uid_ses.0: 1/4
@@ -300,7 +308,7 @@ about the status of the key service:
  (*) /proc/key-users
 
      This file lists the tracking data for each user that has at least one key
-     on the system. Such data includes quota information and statistics:
+     on the system.  Such data includes quota information and statistics:
 
 	[root@andromeda root]# cat /proc/key-users
 	0:     46 45/45 1/100 13/10000
diff -puN security/Kconfig~keys-restrict-contents-of-proc-keys-to-viewable-keys security/Kconfig
--- 25/security/Kconfig~keys-restrict-contents-of-proc-keys-to-viewable-keys	Tue Jun 20 17:00:34 2006
+++ 25-akpm/security/Kconfig	Tue Jun 20 17:00:34 2006
@@ -22,16 +22,22 @@ config KEYS
 	  If you are unsure as to whether this is required, answer N.
 
 config KEYS_DEBUG_PROC_KEYS
-	bool "Enable the /proc/keys file by which all keys may be viewed"
+	bool "Enable the /proc/keys file by which keys may be viewed"
 	depends on KEYS
 	help
-	  This option turns on support for the /proc/keys file through which
-	  all the keys on the system can be listed.
+	  This option turns on support for the /proc/keys file - through which
+	  can be listed all the keys on the system that are viewable by the
+	  reading process.
 
-	  This option is a slight security risk in that it makes it possible
-	  for anyone to see all the keys on the system. Normally the manager
-	  pretends keys that are inaccessible to a process don't exist as far
-	  as that process is concerned.
+	  The only keys included in the list are those that grant View
+	  permission to the reading process whether or not it possesses them.
+	  Note that LSM security checks are still performed, and may further
+	  filter out keys that the current process is not authorised to view.
+
+	  Only key attributes are listed here; key payloads are not included in
+	  the resulting table.
+
+	  If you are unsure as to whether this is required, answer N.
 
 config SECURITY
 	bool "Enable different security models"
diff -puN security/keys/proc.c~keys-restrict-contents-of-proc-keys-to-viewable-keys security/keys/proc.c
--- 25/security/keys/proc.c~keys-restrict-contents-of-proc-keys-to-viewable-keys	Tue Jun 20 17:00:34 2006
+++ 25-akpm/security/keys/proc.c	Tue Jun 20 17:00:34 2006
@@ -137,6 +137,13 @@ static int proc_keys_show(struct seq_fil
 	struct timespec now;
 	unsigned long timo;
 	char xbuf[12];
+	int rc;
+
+	/* check whether the current task is allowed to view the key (assuming
+	 * non-possession) */
+	rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW);
+	if (rc < 0)
+		return 0;
 
 	now = current_kernel_time();
 
_

Patches currently in -mm which might be from mdlemay@xxxxxxxxxxxxxx are

selinux-add-hooks-for-key-subsystem.patch
keys-allocate-key-serial-numbers-randomly.patch
keys-restrict-contents-of-proc-keys-to-viewable-keys.patch
keys-add-a-way-to-store-the-appropriate-context-for-newly-created-keys.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux