KEYS: Make /proc/keys check to see if a key is possessed before security check

[net-next-2.6.git] / security / keys / proc.c

diff --git a/security/keys/proc.c b/security/keys/proc.c
index 068b66ea2f1bbf17dd2c9062530b9d1c64e19612..70373966816e9845594919d870fca1f3e441ca65 100644 (file)
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -184,20 +184,36 @@ static void proc_keys_stop(struct seq_file *p, void *v)
 
 static int proc_keys_show(struct seq_file *m, void *v)
 {
+       const struct cred *cred = current_cred();
        struct rb_node *_p = v;
        struct key *key = rb_entry(_p, struct key, serial_node);
        struct timespec now;
        unsigned long timo;
+       key_ref_t key_ref, skey_ref;
        char xbuf[12];
        int rc;
 
+       key_ref = make_key_ref(key, 0);
+
+       /* determine if the key is possessed by this process (a test we can
+        * skip if the key does not indicate the possessor can view it
+        */
+       if (key->perm & KEY_POS_VIEW) {
+               skey_ref = search_my_process_keyrings(key->type, key,
+                                                     lookup_user_key_possessed,
+                                                     cred);
+               if (!IS_ERR(skey_ref)) {
+                       key_ref_put(skey_ref);
+                       key_ref = make_key_ref(key, 1);
+               }
+       }
+
        /* check whether the current task is allowed to view the key (assuming
         * non-possession)
         * - the caller holds a spinlock, and thus the RCU read lock, making our
         *   access to __current_cred() safe
         */
-       rc = key_task_permission(make_key_ref(key, 0), current_cred(),
-                                KEY_VIEW);
+       rc = key_task_permission(key_ref, cred, KEY_VIEW);
        if (rc < 0)
                return 0;