lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20061108195059.0931837d.chris@friedhoff.org>
Date:	Wed, 8 Nov 2006 19:50:59 +0100
From:	Chris Friedhoff <chris@...edhoff.org>
To:	"Serge E. Hallyn" <serue@...ibm.com>
Cc:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	Stephen Smalley <sds@...ho.nsa.gov>,
	James Morris <jmorris@...ei.org>,
	Chris Wright <chrisw@...s-sol.org>,
	Andrew Morton <akpm@...l.org>,
	KaiGai Kohei <kaigai@...gai.gr.jp>
Subject: Re: [PATCH 1/1] security: introduce file posix caps

The patch from Nov 7 2006 with this fix configures, compiles, installs
and runns smotthly on 2.6.18.2.
I updated the page http://www.friedhoff.org/fscaps.html.
I also put the patch and this fix for download on the page and I put a
slackware-package with Kaigai Kohei's libcap/userspace tools on the
page.
I hope this will increase the interest and so testing of this patch.

Thanks Serge and Kaigai

Chris


On Tue, 7 Nov 2006 23:32:29 -0600
"Serge E. Hallyn" <serue@...ibm.com> wrote:

> Quoting Seth Arnold (seth.arnold@...e.de):
> > On Mon, Nov 06, 2006 at 09:45:50PM -0600, Serge E. Hallyn wrote:
> > >  #define CAP_AUDIT_CONTROL    30
> > >  
> > > +#define CAP_NUMCAPS	     31
> > 
> > [...]
> > 
> > > +struct vfs_cap_data_struct {
> > > +	__u32 version;
> > > +	__u32 effective;
> > > +	__u32 permitted;
> > > +	__u32 inheritable;
> > > +};
> > 
> > [...]
> > 
> > > +static int check_cap_sanity(struct vfs_cap_data_struct *cap)
> > > +{
> > > +	int i;
> > > +
> > > +	if (cap->version != _LINUX_CAPABILITY_VERSION)
> > > +		return -EPERM;
> > > +
> > > +	for (i=CAP_NUMCAPS; i<sizeof(cap->effective); i++) {
> > > +		if (cap->effective & CAP_TO_MASK(i))
> > > +			return -EPERM;
> > > +	}
> > > +	for (i=CAP_NUMCAPS; i<sizeof(cap->permitted); i++) {
> > > +		if (cap->permitted & CAP_TO_MASK(i))
> > > +			return -EPERM;
> > > +	}
> > > +	for (i=CAP_NUMCAPS; i<sizeof(cap->inheritable); i++) {
> > > +		if (cap->inheritable & CAP_TO_MASK(i))
> > > +			return -EPERM;
> > > +	}
> > > +
> > > +	return 0;
> > > +}
> > 
> > for (i=31; i<4; i++) ...
> > 
> > I'm not sure this checks what you think it checks? :)
> 
> Thanks again for catching this.  Here is the obvious patch.  Hopefully
> I have it right this time.
> 
> >From b91c46589b13bab78ddf431245a7ecbd59bcf2fd Mon Sep 17 00:00:00 2001
> From: Serge E. Hallyn <serue@...ibm.com>
> Date: Tue, 7 Nov 2006 23:16:06 -0600
> Subject: [PATCH 1/1] fscaps: fix cap sanity check
> 
> When checking for valid capabilities on files, we want to
> make sure that unused bits are not set.  Fix the calculation
> of the highest bit checked.
> 
> Signed-off-by: Serge E. Hallyn <serue@...ibm.com>
> ---
>  security/commoncap.c |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/security/commoncap.c b/security/commoncap.c
> index 6a0d033..6f5e46c 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -133,15 +133,15 @@ static int check_cap_sanity(struct vfs_c
>  	if (cap->version != _LINUX_CAPABILITY_VERSION)
>  		return -EPERM;
>  
> -	for (i=CAP_NUMCAPS; i<sizeof(cap->effective); i++) {
> +	for (i=CAP_NUMCAPS; i<8*sizeof(cap->effective); i++) {
>  		if (cap->effective & CAP_TO_MASK(i))
>  			return -EPERM;
>  	}
> -	for (i=CAP_NUMCAPS; i<sizeof(cap->permitted); i++) {
> +	for (i=CAP_NUMCAPS; i<8*sizeof(cap->permitted); i++) {
>  		if (cap->permitted & CAP_TO_MASK(i))
>  			return -EPERM;
>  	}
> -	for (i=CAP_NUMCAPS; i<sizeof(cap->inheritable); i++) {
> +	for (i=CAP_NUMCAPS; i<8*sizeof(cap->inheritable); i++) {
>  		if (cap->inheritable & CAP_TO_MASK(i))
>  			return -EPERM;
>  	}
> -- 
> 1.4.3.3
> 


--------------------
Chris Friedhoff
chris@...edhoff.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ