| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 01 Jul 2008 17:01:56 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: Miklos Szeredi <miklos@...redi.hu>
CC: akpm@...ux-foundation.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [patch] smack: remove unnecessary xattr checks
Miklos Szeredi wrote:
> Hi Casey,
>
> This is an untested patch, if it looks OK, can you please apply it to
> your tree (or ACK it)?
>
> Thanks,
> Miklos
>
> ----
> From: Miklos Szeredi <mszeredi@...e.cz>
>
> getxattr() calls security_inode_permission(MAY_READ) so
> smack_inode_getxattr() is unnecessary.
>
> setxattr() and removexattr() call security_inode_permission(MAY_WRITE)
> so the write permission checks in smack_inode_setxattr() and
> smack_inode_removexattr() are unnecessary.
>
> Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
>
Nacked-by: Casey Schaufler <casey@...aufler-ca.com>
I tried your patch without looking at it and found that
getxattr is too permissive with your changes. I found that
% ls -l foo
will fail while
% attr -S -g SMACK64 foo
will succeed. Of course if stat() fails due to a Smack
access check getxattr() ought to as well. So it would
appear that the call to security_inode_permission is not
sufficient.
> ---
> security/smack/smack_lsm.c | 19 -------------------
> 1 file changed, 19 deletions(-)
>
> Index: linux-2.6/security/smack/smack_lsm.c
> ===================================================================
> --- linux-2.6.orig/security/smack/smack_lsm.c 2008-07-01 21:44:05.000000000 +0200
> +++ linux-2.6/security/smack/smack_lsm.c 2008-07-01 21:45:27.000000000 +0200
> @@ -588,9 +588,6 @@ static int smack_inode_setxattr(struct d
> } else
> rc = cap_inode_setxattr(dentry, name, value, size, flags);
>
> - if (rc == 0)
> - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
> -
> return rc;
> }
>
> @@ -636,18 +633,6 @@ static void smack_inode_post_setxattr(st
> }
>
> /*
> - * smack_inode_getxattr - Smack check on getxattr
> - * @dentry: the object
> - * @name: unused
> - *
> - * Returns 0 if access is permitted, an error code otherwise
> - */
> -static int smack_inode_getxattr(struct dentry *dentry, const char *name)
> -{
> - return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
> -}
> -
> -/*
> * smack_inode_removexattr - Smack check on removexattr
> * @dentry: the object
> * @name: name of the attribute
> @@ -668,9 +653,6 @@ static int smack_inode_removexattr(struc
> } else
> rc = cap_inode_removexattr(dentry, name);
>
> - if (rc == 0)
> - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
> -
> return rc;
> }
>
> @@ -2606,7 +2588,6 @@ struct security_operations smack_ops = {
> .inode_getattr = smack_inode_getattr,
> .inode_setxattr = smack_inode_setxattr,
> .inode_post_setxattr = smack_inode_post_setxattr,
> - .inode_getxattr = smack_inode_getxattr,
> .inode_removexattr = smack_inode_removexattr,
> .inode_need_killpriv = cap_inode_need_killpriv,
> .inode_killpriv = cap_inode_killpriv,
>
>
>
--
----------------------
Casey Schaufler
casey@...aufler-ca.com
650.906.1780
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists