lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 24 Aug 2009 11:34:37 +1000 (EST)
From:	James Morris <jmorris@...ei.org>
To:	"Serge E. Hallyn" <serue@...ibm.com>
cc:	linux-kernel@...r.kernel.org, mm-commits@...r.kernel.org,
	mschmidt@...hat.com, dhowells@...hat.com, sds@...ho.nsa.gov
Subject: Re: + bsdacct-switch-credentials-for-writing-to-the-accounting-file.patch
 added to -mm tree


Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next


On Fri, 21 Aug 2009, Serge E. Hallyn wrote:
> Quoting akpm@...ux-foundation.org (akpm@...ux-foundation.org):
> > 
> > The patch titled
> >      bsdacct: switch credentials for writing to the accounting file
> > has been added to the -mm tree.  Its filename is
> >      bsdacct-switch-credentials-for-writing-to-the-accounting-file.patch
> > 
> > Before you just go and hit "reply", please:
> >    a) Consider who else should be cc'ed
> >    b) Prefer to cc a suitable mailing list as well
> >    c) Ideally: find the original patch on the mailing list and do a
> >       reply-to-all to that, adding suitable additional cc's
> > 
> > *** Remember to use Documentation/SubmitChecklist when testing your code ***
> > 
> > See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
> > out what to do about this
> > 
> > The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
> > 
> > ------------------------------------------------------
> > Subject: bsdacct: switch credentials for writing to the accounting file
> > From: Michal Schmidt <mschmidt@...hat.com>
> > 
> > When process accounting is enabled, every exiting process writes a log to
> > the account file.  In addition, every once in a while one of the exiting
> > processes checks whether there's enough free space for the log.
> > 
> > SELinux policy may or may not allow the exiting process to stat the fs. 
> > So unsuspecting processes start generating AVC denials just because
> > someone enabled process accounting.
> > 
> > For these filesystem operations, the exiting process's credentials should
> > be temporarily switched to that of the process which enabled accounting,
> > because it's really that process which wanted to have the accounting
> > information logged.
> > 
> > Signed-off-by: Michal Schmidt <mschmidt@...hat.com>
> > Acked-by: David Howells <dhowells@...hat.com>
> 
> Acked-by: Serge Hallyn <serue@...ibm.com>
> 
> > Cc: James Morris <jmorris@...ei.org>
> > Cc: Serge Hallyn <serue@...ibm.com>
> > Cc: Stephen Smalley <sds@...ho.nsa.gov>
> > Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> > ---
> > 
> >  kernel/acct.c |    8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> > 
> > diff -puN kernel/acct.c~bsdacct-switch-credentials-for-writing-to-the-accounting-file kernel/acct.c
> > --- a/kernel/acct.c~bsdacct-switch-credentials-for-writing-to-the-accounting-file
> > +++ a/kernel/acct.c
> > @@ -491,13 +491,17 @@ static void do_acct_process(struct bsd_a
> >  	u64 run_time;
> >  	struct timespec uptime;
> >  	struct tty_struct *tty;
> > +	const struct cred *orig_cred;
> > +
> > +	/* Perform file operations on behalf of whoever enabled accounting */
> > +	orig_cred = override_creds(file->f_cred);
> > 
> >  	/*
> >  	 * First check to see if there is enough free_space to continue
> >  	 * the process accounting system.
> >  	 */
> >  	if (!check_free_space(acct, file))
> > -		return;
> > +		goto out;
> > 
> >  	/*
> >  	 * Fill the accounting struct with the needed info as recorded
> > @@ -578,6 +582,8 @@ static void do_acct_process(struct bsd_a
> >  			       sizeof(acct_t), &file->f_pos);
> >  	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
> >  	set_fs(fs);
> > +out:
> > +	revert_creds(orig_cred);
> >  }
> > 
> >  /**
> > _
> > 
> > Patches currently in -mm which might be from mschmidt@...hat.com are
> > 
> > bsdacct-switch-credentials-for-writing-to-the-accounting-file.patch
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe mm-commits" in
> > the body of a message to majordomo@...r.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

-- 
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ