| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1162911403.3009.33.camel@moss-spartans.epoch.ncsc.mil>
Date: Tue, 07 Nov 2006 09:56:43 -0500
From: Stephen Smalley <sds@...ho.nsa.gov>
To: "Serge E. Hallyn" <serue@...ibm.com>
Cc: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
James Morris <jmorris@...ei.org>,
chris friedhoff <chris@...edhoff.org>,
Chris Wright <chrisw@...s-sol.org>,
Andrew Morton <akpm@...l.org>
Subject: Re: [PATCH 1/1] security: introduce file posix caps
On Mon, 2006-11-06 at 21:45 -0600, Serge E. Hallyn wrote:
> Implement file posix capabilities. This allows programs to be given
> a subset of root's powers regardless of who runs them, without
> having to use setuid and giving the binary all of root's powers.
> diff --git a/include/linux/security.h b/include/linux/security.h
> index b200b98..ea631ee 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -53,6 +53,10 @@ extern int cap_inode_setxattr(struct den
> extern int cap_inode_removexattr(struct dentry *dentry, char *name);
> extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
> extern void cap_task_reparent_to_init (struct task_struct *p);
> +extern int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid);
> +extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp);
> +extern int cap_task_setioprio (struct task_struct *p, int ioprio);
> +extern int cap_task_setnice (struct task_struct *p, int nice);
> extern int cap_syslog (int type);
> extern int cap_vm_enough_memory (long pages);
>
> @@ -2594,12 +2598,12 @@ static inline int security_task_setgroup
>
> static inline int security_task_setnice (struct task_struct *p, int nice)
> {
> - return 0;
> + return cap_task_setnice(p, nice);
> }
>
> static inline int security_task_setioprio (struct task_struct *p, int ioprio)
> {
> - return 0;
> + return cap_task_setioprio(p, ioprio);
> }
>
> static inline int security_task_getioprio (struct task_struct *p)
setscheduler change seems to be missing here.
> @@ -2634,7 +2638,7 @@ static inline int security_task_kill (st
> struct siginfo *info, int sig,
> u32 secid)
> {
> - return 0;
> + return cap_task_kill(p, info, sig, secid);
> }
>
> static inline int security_task_wait (struct task_struct *p)
> diff --git a/security/commoncap.c b/security/commoncap.c
> index 5a5ef5c..0eae004 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> +int cap_task_kill(struct task_struct *p, struct siginfo *info,
> + int sig, u32 secid)
> +{
> + if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
> + return 0;
> +
> + if (secid)
> + /*
> + * Signal sent as a particular user.
> + * Capabilities are ignored. May be wrong, but it's the
> + * only thing we can do at the moment.
> + * Used only by usb drivers?
> + */
> + return 0;
> + if (capable(CAP_KILL))
> + return 0;
This will trigger spurious audit messages; should only be checked if
next test fails.
> + if (cap_issubset(p->cap_permitted, current->cap_permitted))
> + return 0;
> +
> + return -EPERM;
> +}
> +
> void cap_task_reparent_to_init (struct task_struct *p)
> {
> p->cap_effective = CAP_INIT_EFF_SET;
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists