lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 21 Oct 2007 01:52:19 +0200 (CEST)
From:	Jan Engelhardt <jengelh@...putergmbh.de>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
cc:	James Morris <jmorris@...ei.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH 1/4] MultiAdmin 1.0.7


[PATCH 1/4] security_cap_extra() and more

    -   Renames capable() to capable_light().
        This function is used if only a capability is to be checked.

    -   Implement a new capable that calls security_cap_extra().
        Since a subadmin has almost the same capabilities as a
        superadmin, an extra helper is needed to decide whether an
        action is allowed, based on the philosophy of the LSM.

    -   implement the .cap_extra LSM hook


Signed-off-by: Jan Engelhardt <jengelh@....de>, May 01 2006
July 11 2006

---
 include/linux/capability.h |    2 ++
 include/linux/security.h   |   13 +++++++++++++
 kernel/capability.c        |   19 ++++++++++++++++++-
 security/dummy.c           |    6 ++++++
 4 files changed, 39 insertions(+), 1 deletion(-)

Index: linux-2.6.23.1/include/linux/capability.h
===================================================================
--- linux-2.6.23.1.orig/include/linux/capability.h
+++ linux-2.6.23.1/include/linux/capability.h
@@ -358,6 +358,8 @@ static inline kernel_cap_t cap_invert(ke
 
 #define cap_is_fs_cap(c)     (CAP_TO_MASK(c) & CAP_FS_MASK)
 
+bool capable_light(unsigned int);
+bool __capable_light(struct task_struct *, unsigned int);
 int capable(int cap);
 int __capable(struct task_struct *t, int cap);
 
Index: linux-2.6.23.1/include/linux/security.h
===================================================================
--- linux-2.6.23.1.orig/include/linux/security.h
+++ linux-2.6.23.1/include/linux/security.h
@@ -1399,6 +1399,7 @@ struct security_operations {
 
 #endif	/* CONFIG_KEYS */
 
+	int (*cap_extra)(struct task_struct *, unsigned int);
 };
 
 /* global variables */
@@ -2132,6 +2133,12 @@ static inline void security_release_secc
 	return security_ops->release_secctx(secdata, seclen);
 }
 
+static inline int security_cap_extra(struct task_struct *task,
+    unsigned int cap)
+{
+	return security_ops->cap_extra(task, cap);
+}
+
 /* prototypes */
 extern int security_init	(void);
 extern int register_security	(struct security_operations *ops);
@@ -2786,6 +2793,12 @@ static inline int security_netlink_recv 
 	return cap_netlink_recv (skb, cap);
 }
 
+static inline int security_cap_extra(struct task_struct *task,
+    unsigned int cap)
+{
+	return 0;
+}
+
 static inline struct dentry *securityfs_create_dir(const char *name,
 					struct dentry *parent)
 {
Index: linux-2.6.23.1/kernel/capability.c
===================================================================
--- linux-2.6.23.1.orig/kernel/capability.c
+++ linux-2.6.23.1/kernel/capability.c
@@ -238,7 +238,7 @@ out:
 
 int __capable(struct task_struct *t, int cap)
 {
-	if (security_capable(t, cap) == 0) {
+	if (security_capable(t, cap) == 0 && security_cap_extra(t, cap) == 0) {
 		t->flags |= PF_SUPERPRIV;
 		return 1;
 	}
@@ -251,3 +251,20 @@ int capable(int cap)
 	return __capable(current, cap);
 }
 EXPORT_SYMBOL(capable);
+
+bool __capable_light(struct task_struct *t, unsigned int cap)
+{
+	if (security_capable(t, cap) == 0) {
+		t->flags |= PF_SUPERPRIV;
+		return true;
+	}
+	return false;
+}
+EXPORT_SYMBOL(__capable_light);
+
+bool capable_light(unsigned int cap)
+{
+	return __capable_light(current, cap);
+}
+EXPORT_SYMBOL(capable_light);
+
Index: linux-2.6.23.1/security/dummy.c
===================================================================
--- linux-2.6.23.1.orig/security/dummy.c
+++ linux-2.6.23.1/security/dummy.c
@@ -693,6 +693,11 @@ static int dummy_netlink_recv (struct sk
 	return 0;
 }
 
+static int dummy_cap_extra(struct task_struct *task, unsigned int cap)
+{
+	return 0;
+}
+
 #ifdef CONFIG_SECURITY_NETWORK
 static int dummy_unix_stream_connect (struct socket *sock,
 				      struct socket *other,
@@ -1132,5 +1137,6 @@ void security_fixup_ops (struct security
 	set_to_dummy_if_null(ops, key_permission);
 #endif	/* CONFIG_KEYS */
 
+	set_to_dummy_if_null(ops, cap_extra);
 }
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ