lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 21 May 2015 13:53:37 +0200
From:	Lukasz Pawelczyk <l.pawelczyk@...sung.com>
To:	"David S. Miller" <davem@...emloft.net>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	"Kirill A. Shutemov" <kirill@...temov.name>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	Al Viro <viro@...iv.linux.org.uk>,
	Alexey Dobriyan <adobriyan@...il.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andy Lutomirski <luto@...capital.net>,
	Casey Schaufler <casey@...aufler-ca.com>,
	Christoph Hellwig <hch@....de>,
	David Howells <dhowells@...hat.com>,
	Eric Dumazet <edumazet@...gle.com>,
	Fabian Frederick <fabf@...net.be>,
	Greg KH <gregkh@...uxfoundation.org>,
	Ingo Molnar <mingo@...nel.org>,
	Ionut Alexa <ionut.m.alexa@...il.com>,
	James Morris <james.l.morris@...cle.com>,
	Jeff Layton <jlayton@...marydata.com>,
	Joe Perches <joe@...ches.com>,
	Jonathan Corbet <corbet@....net>,
	Kees Cook <keescook@...omium.org>,
	Lukasz Pawelczyk <l.pawelczyk@...sung.com>,
	Mauro Carvalho Chehab <mchehab@....samsung.com>,
	Michal Hocko <mhocko@...e.cz>,
	Miklos Szeredi <miklos@...redi.hu>,
	Nick Kralevich <nnk@...gle.com>,
	Oleg Nesterov <oleg@...hat.com>,
	Paul Moore <pmoore@...hat.com>,
	Peter Hurley <peter@...leysoftware.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Rik van Riel <riel@...hat.com>,
	Serge Hallyn <serge.hallyn@...onical.com>,
	Stephen Smalley <sds@...ho.nsa.gov>, Tejun Heo <tj@...nel.org>,
	Zefan Li <lizefan@...wei.com>,
	Rafal Krypa <r.krypa@...sung.com>, linux-doc@...r.kernel.org,
	linux-api@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	containers@...ts.linux-foundation.org
Cc:	Lukasz Pawelczyk <havner@...il.com>
Subject: [PATCH 3/8] smack: extend capability functions and fix 2 checks

This patch extends smack capability functions to a full list to those
equivalent in the kernel

has_ns_capability -> smack_has_ns_privilege
has_capability    -> smack_has_privilege
ns_capable        -> smack_ns_privileged
capable           -> smack_privileged

It also puts the smack related part to a common function:
smack_capability_allowed()

Those functions will be needed for capability checks in the upcoming
Smack namespace patches.

Additionally there were 2 smack capability checks that used generic
capability functions instead of specific Smack ones effectively ignoring
the onlycap rule. This has been fixed now with the introduction of those
new functions.

This has implications on the Smack namespace as well as the additional
Smack checks in smack_capability_allowed() will be extended beyond the
onlycap rule. Not using Smack specific checks in those 2 places could
mean breaking the Smack label namespace separation.

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@...sung.com>
---
 security/smack/smack.h     | 63 +++++++++++++++++++++++++++++++++++++++++++---
 security/smack/smack_lsm.c |  4 +--
 2 files changed, 61 insertions(+), 6 deletions(-)

diff --git a/security/smack/smack.h b/security/smack/smack.h
index b8c1a86..fa8fa87 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -332,21 +332,76 @@ static inline struct smack_known *smk_of_current(void)
 }
 
 /*
+ * Internal smack capability check complimentary to the
+ * set of kernel capable() and has_capability() functions
+ *
+ * For a capability in smack related checks to be effective it needs to:
+ * - have empty onlycap or the current label be the same as onlycap
+ * - be in the initial user ns
+ */
+static inline int smack_capability_allowed(struct smack_known *skp,
+					   struct user_namespace *user_ns)
+{
+	if (user_ns != &init_user_ns)
+		return 0;
+
+	if (smack_onlycap != NULL && smack_onlycap != skp)
+		return 0;
+
+	return 1;
+}
+
+/*
+ * Is the task privileged in a namespace and allowed to be privileged
+ * by additional smack rules.
+ */
+static inline int smack_has_ns_privilege(struct task_struct *task,
+					 struct user_namespace *user_ns,
+					 int cap)
+{
+	struct smack_known *skp = smk_of_task_struct(task);
+
+	if (!has_ns_capability(task, user_ns, cap))
+		return 0;
+	if (smack_capability_allowed(skp, user_ns))
+		return 1;
+	return 0;
+}
+
+/*
  * Is the task privileged and allowed to be privileged
- * by the onlycap rule.
+ * by additional smack rules.
  */
-static inline int smack_privileged(int cap)
+static inline int smack_has_privilege(struct task_struct *task, int cap)
+{
+	return smack_has_ns_privilege(task, &init_user_ns, cap);
+}
+
+/*
+ * Is the current task privileged in a namespace and allowed to be privileged
+ * by additional smack rules.
+ */
+static inline int smack_ns_privileged(struct user_namespace *user_ns, int cap)
 {
 	struct smack_known *skp = smk_of_current();
 
-	if (!capable(cap))
+	if (!ns_capable(user_ns, cap))
 		return 0;
-	if (smack_onlycap == NULL || smack_onlycap == skp)
+	if (smack_capability_allowed(skp, user_ns))
 		return 1;
 	return 0;
 }
 
 /*
+ * Is the current task privileged and allowed to be privileged
+ * by additional smack rules.
+ */
+static inline int smack_privileged(int cap)
+{
+	return smack_ns_privileged(&init_user_ns, cap);
+}
+
+/*
  * logging functions
  */
 #define SMACK_AUDIT_DENIED 0x1
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index a143328..ee7bb63 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -403,7 +403,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
 			rc = 0;
 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
 			rc = -EACCES;
-		else if (capable(CAP_SYS_PTRACE))
+		else if (smack_has_privilege(tracer, CAP_SYS_PTRACE))
 			rc = 0;
 		else
 			rc = -EACCES;
@@ -1646,7 +1646,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
 	skp = file->f_security;
 	rc = smk_access(skp, tkp, MAY_WRITE, NULL);
 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
-	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
+	if (rc != 0 && smack_has_privilege(tsk, CAP_MAC_OVERRIDE))
 		rc = 0;
 
 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ