X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=security%2Fkeys%2Fproc.c;h=3e0d0a6e224f5e36204c05526175d9382f6af6c6;hb=9c2e08c592cd357a8330c34def1e8ecfdcf53275;hp=12b750e51fbf5c133ca4877b13a184081b73e652;hpb=fac84ef26759a3725bfc53ae3abf21976360aff3;p=linux-2.6

diff --git a/security/keys/proc.c b/security/keys/proc.c
index 12b750e51f..3e0d0a6e22 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -33,7 +33,7 @@ static struct seq_operations proc_keys_ops = {
 	.show	= proc_keys_show,
 };
 
-static struct file_operations proc_keys_fops = {
+static const struct file_operations proc_keys_fops = {
 	.open		= proc_keys_open,
 	.read		= seq_read,
 	.llseek		= seq_lseek,
@@ -54,7 +54,7 @@ static struct seq_operations proc_key_users_ops = {
 	.show	= proc_key_users_show,
 };
 
-static struct file_operations proc_key_users_fops = {
+static const struct file_operations proc_key_users_fops = {
 	.open		= proc_key_users_open,
 	.read		= seq_read,
 	.llseek		= seq_lseek,
@@ -137,6 +137,13 @@ static int proc_keys_show(struct seq_file *m, void *v)
 	struct timespec now;
 	unsigned long timo;
 	char xbuf[12];
+	int rc;
+
+	/* check whether the current task is allowed to view the key (assuming
+	 * non-possession) */
+	rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW);
+	if (rc < 0)
+		return 0;
 
 	now = current_kernel_time();