lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 Jun 2007 19:54:39 +0200 (CEST) From: Jan Engelhardt <jengelh@...putergmbh.de> To: Alexander Wuerstlein <arw@....name> cc: linux-kernel@...r.kernel.org, Johannes Schlumberger <spjsschl@...d.informatik.uni-erlangen.de> Subject: Re: [PATCH] Check files' signatures before doing suid/sgid [2/4] On Jun 22 2007 20:25, Alexander Wuerstlein wrote: >+#ifdef CONFIG_SNS_SIGNED >+#include <linux/sns.h> >+#endif > > #include <asm/uaccess.h> > #include <asm/mmu_context.h> >@@ -928,13 +931,21 @@ int prepare_binprm(struct linux_binprm *bprm) > mode = inode->i_mode; > if (bprm->file->f_op == NULL) > return -EACCES; >+#ifdef CONFIG_SNS_SIGNED >+ if (mode & S_ISUID) >+ current->sns_valid_sig = sns_signature_valid(bprm->file); >+#endif > > bprm->e_uid = current->euid; > bprm->e_gid = current->egid; > > if(!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { > /* Set-uid? */ >- if (mode & S_ISUID) { >+#ifdef CONFIG_SNS_SIGNED_SETUID >+ if (mode & S_ISUID && current->sns_valid_sig) { >+#else >+ if (mode & S_ISUID) { >+#endif /*SNS_SIGNED_SETUID*/ > current->personality &= ~PER_CLEAR_ON_SETID; > bprm->e_uid = inode->i_uid; > } >@@ -945,7 +956,11 @@ int prepare_binprm(struct linux_binprm *bprm) > * is a candidate for mandatory locking, not a setgid > * executable. > */ >- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { >+#ifdef CONFIG_SNS_SIGNED_SETGID >+ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && current->sns_valid_sig) { >+#else >+ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { >+#endif /*SNS_SIGNED_SETGID*/ > current->personality &= ~PER_CLEAR_ON_SETID; > bprm->e_gid = inode->i_gid; > } ... That's a lot of unwanted ifdefs! Jan -- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists