lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20061214170229.d0f06a57.randy.dunlap@oracle.com>
Date:	Thu, 14 Dec 2006 17:02:29 -0800
From:	Randy Dunlap <randy.dunlap@...cle.com>
To:	Zack Weinberg <zackw@...ix.com>
Cc:	Stephen Smalley <sds@...ho.nsa.gov>, jmorris@...ei.org,
	Chris Wright <chrisw@...s-sol.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [patch 2/4] permission mapping for sys_syslog operations

On Thu, 14 Dec 2006 16:16:41 -0800 Zack Weinberg wrote:

> As suggested by Stephen Smalley: map the various sys_syslog operations
> to a smaller set of privilege codes before calling security modules.
> This patch changes the security module interface!  There should be no
> change in the actual security semantics enforced by dummy, capability,
> nor SELinux (with one exception, clearly marked in sys_syslog).
> 
> Change from previous version of patch: the privilege codes are now
> in linux/security.h instead of linux/klog.h, and use the LSM_* naming
> convention used for other such constants in that file.
> 
> 
> Index: linux-2.6/kernel/printk.c
> ===================================================================
> --- linux-2.6.orig/kernel/printk.c	2006-12-13 16:06:22.000000000 -0800
> +++ linux-2.6/kernel/printk.c	2006-12-13 16:08:30.000000000 -0800
> @@ -164,6 +164,12 @@
>  
>  __setup("log_buf_len=", log_buf_len_setup);
>  
> +#define security_syslog_or_fail(type) do {		\
> +		int error = security_syslog(type);	\
> +		if (error)				\
> +			return error;			\
> +	} while (0)
> +

>From Documentation/CodingStyle:

Things to avoid when using macros:

1) macros that affect control flow: ...


>  /* See linux/klog.h for the command numbers passed as the first argument.  */
>  int do_syslog(int type, char __user *buf, int len)
>  {
> @@ -172,16 +178,15 @@
>  	char c;
>  	int error = 0;
>  
> -	error = security_syslog(type);
> -	if (error)
> -		return error;
> -
>  	switch (type) {
>  	case KLOG_CLOSE:
> +		security_syslog_or_fail(LSM_KLOG_READ);
>  		break;
>  	case KLOG_OPEN:
> +		security_syslog_or_fail(LSM_KLOG_READ);
>  		break;
>  	case KLOG_READ:
> +		security_syslog_or_fail(LSM_KLOG_READ);
>  		error = -EINVAL;
>  		if (!buf || len < 0)
>  			goto out;
> @@ -213,9 +218,11 @@
>  			error = i;
>  		break;
>  	case KLOG_READ_CLEAR_HIST:
> +		security_syslog_or_fail(LSM_KLOG_CLEARHIST);
>  		do_clear = 1;
>  		/* FALL THRU */
>  	case KLOG_READ_HIST:
> +		security_syslog_or_fail(LSM_KLOG_READHIST);
>  		error = -EINVAL;
>  		if (!buf || len < 0)
>  			goto out;
> @@ -269,15 +276,19 @@
>  		}
>  		break;
>  	case KLOG_CLEAR_HIST:
> +		security_syslog_or_fail(LSM_KLOG_CLEARHIST);
>  		logged_chars = 0;
>  		break;
>  	case KLOG_DISABLE_CONSOLE:
> +		security_syslog_or_fail(LSM_KLOG_CONSOLE);
>  		console_loglevel = minimum_console_loglevel;
>  		break;
>  	case KLOG_ENABLE_CONSOLE:
> +		security_syslog_or_fail(LSM_KLOG_CONSOLE);
>  		console_loglevel = default_console_loglevel;
>  		break;
>  	case KLOG_SET_CONSOLE_LVL:
> +		security_syslog_or_fail(LSM_KLOG_CONSOLE);
>  		error = -EINVAL;
>  		if (len < 1 || len > 8)
>  			goto out;
> @@ -287,9 +298,18 @@
>  		error = 0;
>  		break;
>  	case KLOG_GET_UNREAD:
> +		security_syslog_or_fail(LSM_KLOG_READ);
>  		error = log_end - log_start;
>  		break;


---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ