aboutsummaryrefslogtreecommitdiffstats
path: root/security/Kconfig
diff options
context:
space:
mode:
authorMichael LeMay <mdlemay@epoch.ncsc.mil>2006-06-26 03:24:56 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-26 12:58:18 -0400
commit06ec7be557a1259611d6093a00463c42650dc71a (patch)
treeb83cdbc8405e0a174939d36e4fe40fb8adb51071 /security/Kconfig
parente51f6d343789a4f0a2a7587ad7ec7746969d5c1c (diff)
[PATCH] keys: restrict contents of /proc/keys to Viewable keys
Restrict /proc/keys such that only those keys to which the current task is granted View permission are presented. The documentation is also updated to reflect these changes. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/Kconfig')
-rw-r--r--security/Kconfig20
1 files changed, 13 insertions, 7 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 34f593410d57..67785df264e5 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -22,16 +22,22 @@ config KEYS
22 If you are unsure as to whether this is required, answer N. 22 If you are unsure as to whether this is required, answer N.
23 23
24config KEYS_DEBUG_PROC_KEYS 24config KEYS_DEBUG_PROC_KEYS
25 bool "Enable the /proc/keys file by which all keys may be viewed" 25 bool "Enable the /proc/keys file by which keys may be viewed"
26 depends on KEYS 26 depends on KEYS
27 help 27 help
28 This option turns on support for the /proc/keys file through which 28 This option turns on support for the /proc/keys file - through which
29 all the keys on the system can be listed. 29 can be listed all the keys on the system that are viewable by the
30 reading process.
30 31
31 This option is a slight security risk in that it makes it possible 32 The only keys included in the list are those that grant View
32 for anyone to see all the keys on the system. Normally the manager 33 permission to the reading process whether or not it possesses them.
33 pretends keys that are inaccessible to a process don't exist as far 34 Note that LSM security checks are still performed, and may further
34 as that process is concerned. 35 filter out keys that the current process is not authorised to view.
36
37 Only key attributes are listed here; key payloads are not included in
38 the resulting table.
39
40 If you are unsure as to whether this is required, answer N.
35 41
36config SECURITY 42config SECURITY
37 bool "Enable different security models" 43 bool "Enable different security models"