author | Michael LeMay <mdlemay@epoch.ncsc.mil> | 2006-06-26 03:24:56 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-26 12:58:18 -0400 |
commit | 06ec7be557a1259611d6093a00463c42650dc71a (patch) | |
tree | b83cdbc8405e0a174939d36e4fe40fb8adb51071 /Documentation/keys.txt | |
parent | e51f6d343789a4f0a2a7587ad7ec7746969d5c1c (diff) |
[PATCH] keys: restrict contents of /proc/keys to Viewable keys
Restrict /proc/keys such that only those keys to which the current task is
granted View permission are presented.
The documentation is also updated to reflect these changes.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation/keys.txt')
-rw-r--r-- | Documentation/keys.txt | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt index 3bbe157b45e4..70e83cf664ae 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt | |||
@@ -270,9 +270,17 @@ about the status of the key service: | |||
270 | 270 | ||
271 | (*) /proc/keys | 271 | (*) /proc/keys |
272 | 272 | ||
273 | This lists all the keys on the system, giving information about their | 273 | This lists the keys that are currently viewable by the task reading the |
274 | type, description and permissions. The payload of the key is not available | 274 | file, giving information about their type, description and permissions. |
275 | this way: | 275 | It is not possible to view the payload of the key this way, though some |
276 | information about it may be given. | ||
277 | |||
278 | The only keys included in the list are those that grant View permission to | ||
279 | the reading process whether or not it possesses them. Note that LSM | ||
280 | security checks are still performed, and may further filter out keys that | ||
281 | the current process is not authorised to view. | ||
282 | |||
283 | The contents of the file look like this: | ||
276 | 284 | ||
277 | SERIAL FLAGS USAGE EXPY PERM UID GID TYPE DESCRIPTION: SUMMARY | 285 | SERIAL FLAGS USAGE EXPY PERM UID GID TYPE DESCRIPTION: SUMMARY |
278 | 00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4 | 286 | 00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4 |
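Review bot: The added paragraph at new lines 278-281 is ambiguous in "whether or not it possesses them": it can be read as possessing the View permission rather than possessing the keys. Suggest "those that grant View permission to the reading process, regardless of whether the process possesses the key". The opening sentence now limits the list to keys viewable by the reader, so it would also help to state that the file is no longer a complete inventory of keys on the system and that two tasks can see different contents; the sample output that follows is unchanged and does not say which task produced it. "though some information about it may be given" (new lines 275-276) should name where that information appears, presumably the SUMMARY column of the header line.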
@@ -300,7 +308,7 @@ about the status of the key service: | |||
300 | (*) /proc/key-users | 308 | (*) /proc/key-users |
301 | 309 | ||
302 | This file lists the tracking data for each user that has at least one key | 310 | This file lists the tracking data for each user that has at least one key |
303 | on the system. Such data includes quota information and statistics: | 311 | on the system. Such data includes quota information and statistics: |
304 | 312 | ||
305 | [root@andromeda root]# cat /proc/key-users | 313 | [root@andromeda root]# cat /proc/key-users |
306 | 0: 46 45/45 1/100 13/10000 | 314 | 0: 46 45/45 1/100 13/10000 |
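Review bot: The only changed line in this hunk (old 303, new 311) differs in whitespace alone as far as the diff shows, and it sits in the /proc/key-users entry, which the commit message does not mention. Drop it or send it as a separate cleanup so the patch stays limited to the /proc/keys change. If /proc/key-users is deliberately left listing tracking data for every user with a key while /proc/keys is now filtered, a sentence saying so here would keep readers from assuming both files are restricted.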