lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080225174229.GA22087@tv-sign.ru>
Date:	Mon, 25 Feb 2008 20:42:29 +0300
From:	Oleg Nesterov <oleg@...sign.ru>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Casey Schaufler <casey@...aufler-ca.com>,
	David Quigley <dpquigl@...ho.nsa.gov>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Eric Paris <eparis@...hat.com>,
	Harald Welte <laforge@...monks.org>,
	Pavel Emelyanov <xemul@...nvz.org>,
	"Serge E. Hallyn" <serue@...ibm.com>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	linux-kernel@...r.kernel.org
Subject: [PATCH 3/3] security_task_kill: kill now unused "secid" argument

After the previous patch security_task_kill() is always called with secid == 0.
Remove this argument and simplify the ->task_kill() implementations.

Signed-off-by: Oleg Nesterov <oleg@...sign.ru>

 include/linux/security.h   |   13 +++++--------
 kernel/signal.c            |    2 +-
 security/security.c        |    5 ++---
 security/commoncap.c       |   14 ++------------
 security/dummy.c           |    2 +-
 security/smack/smack_lsm.c |   12 ++----------
 security/selinux/hooks.c   |   13 ++++---------
 7 files changed, 17 insertions(+), 44 deletions(-)

--- 25/include/linux/security.h~3_STK_NO_SECID	2008-02-15 16:59:17.000000000 +0300
+++ 25/include/linux/security.h	2008-02-25 20:00:01.000000000 +0300
@@ -63,7 +63,7 @@ extern int cap_inode_need_killpriv(struc
 extern int cap_inode_killpriv(struct dentry *dentry);
 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
 extern void cap_task_reparent_to_init (struct task_struct *p);
-extern int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid);
+extern int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig);
 extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp);
 extern int cap_task_setioprio (struct task_struct *p, int ioprio);
 extern int cap_task_setnice (struct task_struct *p, int nice);
@@ -669,7 +669,6 @@ struct request_sock;
  *	@p contains the task_struct for process.
  *	@info contains the signal information.
  *	@sig contains the signal value.
- *	@secid contains the sid of the process where the signal originated
  *	Return 0 if permission is granted.
  * @task_wait:
  *	Check permission before allowing a process to reap a child process @p
@@ -1342,7 +1341,7 @@ struct security_operations {
 	int (*task_getscheduler) (struct task_struct * p);
 	int (*task_movememory) (struct task_struct * p);
 	int (*task_kill) (struct task_struct * p,
-			  struct siginfo * info, int sig, u32 secid);
+			  struct siginfo * info, int sig);
 	int (*task_wait) (struct task_struct * p);
 	int (*task_prctl) (int option, unsigned long arg2,
 			   unsigned long arg3, unsigned long arg4,
@@ -1596,8 +1595,7 @@ int security_task_setscheduler(struct ta
 				int policy, struct sched_param *lp);
 int security_task_getscheduler(struct task_struct *p);
 int security_task_movememory(struct task_struct *p);
-int security_task_kill(struct task_struct *p, struct siginfo *info,
-			int sig, u32 secid);
+int security_task_kill(struct task_struct *p, struct siginfo *info, int sig);
 int security_task_wait(struct task_struct *p);
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 			 unsigned long arg4, unsigned long arg5);
@@ -2135,10 +2133,9 @@ static inline int security_task_movememo
 }
 
 static inline int security_task_kill (struct task_struct *p,
-				      struct siginfo *info, int sig,
-				      u32 secid)
+				      struct siginfo *info, int sig)
 {
-	return cap_task_kill(p, info, sig, secid);
+	return cap_task_kill(p, info, sig);
 }
 
 static inline int security_task_wait (struct task_struct *p)
--- 25/kernel/signal.c~3_STK_NO_SECID	2008-02-25 19:13:56.000000000 +0300
+++ 25/kernel/signal.c	2008-02-25 20:01:07.000000000 +0300
@@ -544,7 +544,7 @@ static int check_kill_permission(int sig
 	    && !capable(CAP_KILL))
 		return -EPERM;
 
-	return security_task_kill(t, info, sig, 0);
+	return security_task_kill(t, info, sig);
 }
 
 /* forward decl */
--- 25/security/security.c~3_STK_NO_SECID	2008-02-15 16:59:20.000000000 +0300
+++ 25/security/security.c	2008-02-25 20:03:09.000000000 +0300
@@ -673,10 +673,9 @@ int security_task_movememory(struct task
 	return security_ops->task_movememory(p);
 }
 
-int security_task_kill(struct task_struct *p, struct siginfo *info,
-			int sig, u32 secid)
+int security_task_kill(struct task_struct *p, struct siginfo *info, int sig)
 {
-	return security_ops->task_kill(p, info, sig, secid);
+	return security_ops->task_kill(p, info, sig);
 }
 
 int security_task_wait(struct task_struct *p)
--- 25/security/commoncap.c~3_STK_NO_SECID	2008-02-25 18:52:16.000000000 +0300
+++ 25/security/commoncap.c	2008-02-25 20:16:06.000000000 +0300
@@ -540,8 +540,7 @@ int cap_task_setnice (struct task_struct
 	return cap_safe_nice(p);
 }
 
-int cap_task_kill(struct task_struct *p, struct siginfo *info,
-				int sig, u32 secid)
+int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig)
 {
 	/*
 	 * Running a setuid root program raises your capabilities.
@@ -556,14 +555,6 @@ int cap_task_kill(struct task_struct *p,
 	if (sig == SIGCONT && (task_session_nr(current) == task_session_nr(p)))
 		return 0;
 
-	if (secid)
-		/*
-		 * Signal sent as a particular user.
-		 * Capabilities are ignored.  May be wrong, but it's the
-		 * only thing we can do at the moment.
-		 * Used only by usb drivers?
-		 */
-		return 0;
 	if (cap_issubset(p->cap_permitted, current->cap_permitted))
 		return 0;
 	if (capable(CAP_KILL))
@@ -602,8 +593,7 @@ int cap_task_setnice (struct task_struct
 {
 	return 0;
 }
-int cap_task_kill(struct task_struct *p, struct siginfo *info,
-				int sig, u32 secid)
+int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig)
 {
 	return 0;
 }
--- 25/security/dummy.c~3_STK_NO_SECID	2008-02-15 16:59:20.000000000 +0300
+++ 25/security/dummy.c	2008-02-25 20:08:47.000000000 +0300
@@ -589,7 +589,7 @@ static int dummy_task_wait (struct task_
 }
 
 static int dummy_task_kill (struct task_struct *p, struct siginfo *info,
-			    int sig, u32 secid)
+			    int sig)
 {
 	return 0;
 }
--- 25/security/smack/smack_lsm.c~3_STK_NO_SECID	2008-02-25 18:54:01.000000000 +0300
+++ 25/security/smack/smack_lsm.c	2008-02-25 20:10:08.000000000 +0300
@@ -1083,7 +1083,6 @@ static int smack_task_movememory(struct 
  * @p: the task object
  * @info: unused
  * @sig: unused
- * @secid: identifies the smack to use in lieu of current's
  *
  * Return 0 if write access is permitted
  *
@@ -1091,20 +1090,13 @@ static int smack_task_movememory(struct 
  * in the USB code. Someday it may go away.
  */
 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
-			   int sig, u32 secid)
+			   int sig)
 {
 	/*
 	 * Sending a signal requires that the sender
 	 * can write the receiver.
 	 */
-	if (secid == 0)
-		return smk_curacc(p->security, MAY_WRITE);
-	/*
-	 * If the secid isn't 0 we're dealing with some USB IO
-	 * specific behavior. This is not clean. For one thing
-	 * we can't take privilege into account.
-	 */
-	return smk_access(smack_from_secid(secid), p->security, MAY_WRITE);
+	return smk_curacc(p->security, MAY_WRITE);
 }
 
 /**
--- 25/security/selinux/hooks.c~3_STK_NO_SECID	2008-02-25 18:57:23.000000000 +0300
+++ 25/security/selinux/hooks.c	2008-02-25 20:13:43.000000000 +0300
@@ -3184,13 +3184,12 @@ static int selinux_task_movememory(struc
 }
 
 static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
-				int sig, u32 secid)
+				int sig)
 {
 	u32 perm;
 	int rc;
-	struct task_security_struct *tsec;
 
-	rc = secondary_ops->task_kill(p, info, sig, secid);
+	rc = secondary_ops->task_kill(p, info, sig);
 	if (rc)
 		return rc;
 
@@ -3198,12 +3197,8 @@ static int selinux_task_kill(struct task
 		perm = PROCESS__SIGNULL; /* null signal; existence test */
 	else
 		perm = signal_to_av(sig);
-	tsec = p->security;
-	if (secid)
-		rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
-	else
-		rc = task_has_perm(current, p, perm);
-	return rc;
+
+	return task_has_perm(current, p, perm);
 }
 
 static int selinux_task_prctl(int option,

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ