lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 08 Feb 2007 10:07:50 -0500
From:	Stephen Smalley <sds@...ho.nsa.gov>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	Andrew Morton <akpm@...l.org>, Ingo Molnar <mingo@...e.hu>,
	tglx@...utronix.de, linux-kernel@...r.kernel.org,
	selinux@...ho.nsa.gov, jmorris@...ei.org
Subject: Re: [PATCH 2/2] sysctl: Restore the selinux path based label
	lookup for sysctls.

On Wed, 2007-02-07 at 15:21 -0700, Eric W. Biederman wrote:
> Stephen Smalley <sds@...ho.nsa.gov> writes:
> 
> > Actually, on further inspection, it looks like the real issue is the
> > "path" name generation; "cat /proc/sys/kernel/modprobe" yields a call to
> > security_genfs_sid() with just "/modprobe" rather than the expected
> > "/sys/kernel/modprobe".  Which likewise leaves us with the generic proc
> > label, just as with the inode permission check, so I end up seeing
> > checks against it only.
> 
> Ok.  It looks like two silly thing are going on here.
> I failed to register the root sysctl table, so none of the parent
> pointers got set.
> 
> I didn't prepend /sys in the compatibility code, so for something with
> the parent pointers set you would have gotten "/kernel/modprobe" instead
> of /sys/kernel/modprobe"
> 
> Sorry about that.
> 
> I think the patch below will fix it.

Yes, thanks - this appears to correct the name generation and thus the
resulting SID computation for the selinux sysctl checks.  

> Eric
> 
> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> index 24f36f1..f316854 100644
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -929,8 +929,6 @@ extern struct ctl_table_header *sysctl_head_next(struct ctl_table_header *prev);
>  extern void sysctl_head_finish(struct ctl_table_header *prev);
>  extern int sysctl_perm(struct ctl_table *table, int op);
>  
> -extern void sysctl_init(void);
> -
>  typedef struct ctl_table ctl_table;
>  
>  typedef int ctl_handler (ctl_table *table, int __user *name, int nlen,
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 0a5499f..0bb2c5f 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -1241,6 +1241,14 @@ static void sysctl_set_parent(struct ctl_table *parent, struct ctl_table *table)
>  	}
>  }
>  
> +static __init int sysctl_init(void)
> +{
> +	sysctl_set_parent(NULL, root_table);
> +	return 0;
> +}
> +
> +core_initcall(sysctl_init);
> +
>  /**
>   * register_sysctl_table - register a sysctl hierarchy
>   * @table: the top-level table structure
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index c17a8dd..aad2697 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1452,6 +1452,12 @@ static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
>  		path = end;
>  		table = table->parent;
>  	}
> +	buflen -= 4;
> +	if (buflen < 0)
> +		goto out_free;
> +	end -= 4;
> +	memcpy(end, "/sys", 4);
> +	path = end;
>  	rc = security_genfs_sid("proc", path, tclass, sid);
>  out_free:
>  	free_page((unsigned long)buffer);
> 


-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ