X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2FKconfig;fp=security%2FKconfig;h=34f593410d57cb12070a154bc0fa0b272467dfeb;hb=64ba3f394c830ec48a1c31b53dcae312c56f1604;hp=67785df264e511c83550455240f633dc99cc3483;hpb=be1e6109ac94a859551f8e1774eb9a8469fe055c;p=linux-2.6.git

diff --git a/security/Kconfig b/security/Kconfig
index 67785df26..34f593410 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -22,22 +22,16 @@ config KEYS
 	  If you are unsure as to whether this is required, answer N.
 
 config KEYS_DEBUG_PROC_KEYS
-	bool "Enable the /proc/keys file by which keys may be viewed"
+	bool "Enable the /proc/keys file by which all keys may be viewed"
 	depends on KEYS
 	help
-	  This option turns on support for the /proc/keys file - through which
-	  can be listed all the keys on the system that are viewable by the
-	  reading process.
+	  This option turns on support for the /proc/keys file through which
+	  all the keys on the system can be listed.
 
-	  The only keys included in the list are those that grant View
-	  permission to the reading process whether or not it possesses them.
-	  Note that LSM security checks are still performed, and may further
-	  filter out keys that the current process is not authorised to view.
-
-	  Only key attributes are listed here; key payloads are not included in
-	  the resulting table.
-
-	  If you are unsure as to whether this is required, answer N.
+	  This option is a slight security risk in that it makes it possible
+	  for anyone to see all the keys on the system. Normally the manager
+	  pretends keys that are inaccessible to a process don't exist as far
+	  as that process is concerned.
 
 config SECURITY
 	bool "Enable different security models"