KEYS: restrict /proc/keys by credentials at open time

[linux-2.6-microblaze.git] / security / keys / proc.c

diff --git a/security/keys/proc.c b/security/keys/proc.c
index bf08d02..de83430 100644 (file)
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -187,7 +187,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
        struct keyring_search_context ctx = {
                .index_key.type         = key->type,
                .index_key.description  = key->description,
-               .cred                   = current_cred(),
+               .cred                   = m->file->f_cred,
                .match_data.cmp         = lookup_user_key_possessed,
                .match_data.raw_data    = key,
                .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
@@ -207,11 +207,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
                }
        }
 
-       /* check whether the current task is allowed to view the key (assuming
-        * non-possession)
-        * - the caller holds a spinlock, and thus the RCU read lock, making our
-        *   access to __current_cred() safe
-        */
+       /* check whether the current task is allowed to view the key */
        rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW);
        if (rc < 0)
                return 0;