diff options
| author | David Howells <dhowells@redhat.com> | 2015-01-22 17:34:32 -0500 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2015-01-22 17:34:32 -0500 |
| commit | dabd39cc2fb1b0e97313ebbe7309ea8e05b7cfb5 (patch) | |
| tree | 0b3337728b5b9e607ef2b36d5c30f4267a5a343a /security | |
| parent | 961be7ef6963806cb978ccd6acf6bf84b0c63346 (diff) | |
KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y
Now that /proc/keys is used by libkeyutils to look up a key by type and
description, we should make it unconditional and remove
CONFIG_DEBUG_PROC_KEYS.
Reported-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/Kconfig | 18 | ||||
| -rw-r--r-- | security/keys/proc.c | 8 |
2 files changed, 0 insertions, 26 deletions
diff --git a/security/keys/Kconfig b/security/keys/Kconfig index a4f3f8c48d6e..72483b8f1be5 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig | |||
| @@ -80,21 +80,3 @@ config ENCRYPTED_KEYS | |||
| 80 | Userspace only ever sees/stores encrypted blobs. | 80 | Userspace only ever sees/stores encrypted blobs. |
| 81 | 81 | ||
| 82 | If you are unsure as to whether this is required, answer N. | 82 | If you are unsure as to whether this is required, answer N. |
| 83 | |||
| 84 | config KEYS_DEBUG_PROC_KEYS | ||
| 85 | bool "Enable the /proc/keys file by which keys may be viewed" | ||
| 86 | depends on KEYS | ||
| 87 | help | ||
| 88 | This option turns on support for the /proc/keys file - through which | ||
| 89 | can be listed all the keys on the system that are viewable by the | ||
| 90 | reading process. | ||
| 91 | |||
| 92 | The only keys included in the list are those that grant View | ||
| 93 | permission to the reading process whether or not it possesses them. | ||
| 94 | Note that LSM security checks are still performed, and may further | ||
| 95 | filter out keys that the current process is not authorised to view. | ||
| 96 | |||
| 97 | Only key attributes are listed here; key payloads are not included in | ||
| 98 | the resulting table. | ||
| 99 | |||
| 100 | If you are unsure as to whether this is required, answer N. | ||
diff --git a/security/keys/proc.c b/security/keys/proc.c index 972eeb336b81..f0611a6368cd 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c | |||
| @@ -18,7 +18,6 @@ | |||
| 18 | #include <asm/errno.h> | 18 | #include <asm/errno.h> |
| 19 | #include "internal.h" | 19 | #include "internal.h" |
| 20 | 20 | ||
| 21 | #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS | ||
| 22 | static int proc_keys_open(struct inode *inode, struct file *file); | 21 | static int proc_keys_open(struct inode *inode, struct file *file); |
| 23 | static void *proc_keys_start(struct seq_file *p, loff_t *_pos); | 22 | static void *proc_keys_start(struct seq_file *p, loff_t *_pos); |
| 24 | static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos); | 23 | static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos); |
| @@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = { | |||
| 38 | .llseek = seq_lseek, | 37 | .llseek = seq_lseek, |
| 39 | .release = seq_release, | 38 | .release = seq_release, |
| 40 | }; | 39 | }; |
| 41 | #endif | ||
| 42 | 40 | ||
| 43 | static int proc_key_users_open(struct inode *inode, struct file *file); | 41 | static int proc_key_users_open(struct inode *inode, struct file *file); |
| 44 | static void *proc_key_users_start(struct seq_file *p, loff_t *_pos); | 42 | static void *proc_key_users_start(struct seq_file *p, loff_t *_pos); |
| @@ -67,11 +65,9 @@ static int __init key_proc_init(void) | |||
| 67 | { | 65 | { |
| 68 | struct proc_dir_entry *p; | 66 | struct proc_dir_entry *p; |
| 69 | 67 | ||
| 70 | #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS | ||
| 71 | p = proc_create("keys", 0, NULL, &proc_keys_fops); | 68 | p = proc_create("keys", 0, NULL, &proc_keys_fops); |
| 72 | if (!p) | 69 | if (!p) |
| 73 | panic("Cannot create /proc/keys\n"); | 70 | panic("Cannot create /proc/keys\n"); |
| 74 | #endif | ||
| 75 | 71 | ||
| 76 | p = proc_create("key-users", 0, NULL, &proc_key_users_fops); | 72 | p = proc_create("key-users", 0, NULL, &proc_key_users_fops); |
| 77 | if (!p) | 73 | if (!p) |
| @@ -86,8 +82,6 @@ __initcall(key_proc_init); | |||
| 86 | * Implement "/proc/keys" to provide a list of the keys on the system that | 82 | * Implement "/proc/keys" to provide a list of the keys on the system that |
| 87 | * grant View permission to the caller. | 83 | * grant View permission to the caller. |
| 88 | */ | 84 | */ |
| 89 | #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS | ||
| 90 | |||
| 91 | static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n) | 85 | static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n) |
| 92 | { | 86 | { |
| 93 | struct user_namespace *user_ns = seq_user_ns(p); | 87 | struct user_namespace *user_ns = seq_user_ns(p); |
| @@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v) | |||
| 275 | return 0; | 269 | return 0; |
| 276 | } | 270 | } |
| 277 | 271 | ||
| 278 | #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */ | ||
| 279 | |||
| 280 | static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) | 272 | static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) |
| 281 | { | 273 | { |
| 282 | while (n) { | 274 | while (n) { |