From 927942aabbbe506bf9bc70a16dc5460ecc64c148 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 11 Jun 2010 17:31:10 +0100 Subject: KEYS: Make /proc/keys check to see if a key is possessed before security check Make /proc/keys check to see if the calling process possesses each key before performing the security check. The possession check can be skipped if the key doesn't have the possessor-view permission bit set. This causes the keys a process possesses to show up in /proc/keys, even if they don't have matching user/group/other view permissions. Signed-off-by: David Howells Signed-off-by: James Morris --- security/keys/internal.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'security/keys/internal.h') diff --git a/security/keys/internal.h b/security/keys/internal.h index 38783dcf6c6..addb67b169f 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -114,6 +114,10 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, const void *description, key_match_func_t match); +extern key_ref_t search_my_process_keyrings(struct key_type *type, + const void *description, + key_match_func_t match, + const struct cred *cred); extern key_ref_t search_process_keyrings(struct key_type *type, const void *description, key_match_func_t match, @@ -134,6 +138,7 @@ extern struct key *request_key_and_link(struct key_type *type, struct key *dest_keyring, unsigned long flags); +extern int lookup_user_key_possessed(const struct key *key, const void *target); extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags, key_perm_t perm); #define KEY_LOOKUP_CREATE 0x01 -- cgit v1.2.3-70-g09d2