Message-Id: <1212500618.11369.11.camel@moss-spartans.epoch.ncsc.mil>
Date:	Tue, 03 Jun 2008 09:43:38 -0400
From:	Stephen Smalley <sds@...ho.nsa.gov>
To:	Miklos Szeredi <miklos@...redi.hu>
Cc:	linux-security-module@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, jmorris@...ei.org,
	eparis@...hat.com, casey@...aufler-ca.com, agruen@...e.de,
	jjohansen@...e.de, penguin-kernel@...ove.SAKURA.ne.jp,
	hch@...radead.org, viro@...IV.linux.org.uk,
	linux-kernel@...r.kernel.org
Subject: Re: [patch 01/15] security: pass path to inode_create


On Thu, 2008-05-29 at 15:49 +0200, Miklos Szeredi wrote:
> plain text document attachment (security_create_path.patch)
> From: Miklos Szeredi <mszeredi@...e.cz>
> 
> In the inode_create() security operation and related functions pass
> the path (vfsmount + dentry) to the parent directory instead of the
> inode.  AppArmor will need this.
> 
> Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
> ---
>  fs/namei.c               |   12 ++++++------
>  include/linux/security.h |    9 ++++-----
>  security/dummy.c         |    4 ++--
>  security/security.c      |    4 ++--
>  security/selinux/hooks.c |    5 +++--
>  5 files changed, 17 insertions(+), 17 deletions(-)
> 
> Index: linux-2.6/fs/namei.c
> ===================================================================
> --- linux-2.6.orig/fs/namei.c	2008-05-29 12:20:49.000000000 +0200
> +++ linux-2.6/fs/namei.c	2008-05-29 12:20:51.000000000 +0200
> @@ -1586,11 +1586,11 @@ void unlock_rename(struct dentry *p1, st
>  	}
>  }
>  
> -static int vfs_create(struct dentry *dir_dentry, struct dentry *dentry,
> +static int vfs_create(struct path *dir_path, struct dentry *dentry,
>  		      int mode,	struct nameidata *nd)
>  {
> -	struct inode *dir = dir_dentry->d_inode;
> -	int error = may_create(dir_dentry, dentry);
> +	struct inode *dir = dir_path->dentry->d_inode;
> +	int error = may_create(dir_path->dentry, dentry);
>  
>  	if (error)
>  		return error;
> @@ -1599,7 +1599,7 @@ static int vfs_create(struct dentry *dir
>  		return -EACCES;	/* shouldn't it be ENOSYS? */
>  	mode &= S_IALLUGO;
>  	mode |= S_IFREG;
> -	error = security_inode_create(dir, dentry, mode);
> +	error = security_inode_create(dir_path, dentry, mode);
>  	if (error)
>  		return error;
>  	DQUOT_INIT(dir);
> @@ -1615,7 +1615,7 @@ int path_create(struct path *dir_path, s
>  	int error = mnt_want_write(dir_path->mnt);
>  
>  	if (!error) {
> -		error = vfs_create(dir_path->dentry, dentry, mode, nd);
> +		error = vfs_create(dir_path, dentry, mode, nd);
>  		mnt_drop_write(dir_path->mnt);
>  	}
>  
> @@ -1718,7 +1718,7 @@ static int __open_namei_create(struct na
>  
>  	if (!IS_POSIXACL(dir->d_inode))
>  		mode &= ~current->fs->umask;
> -	error = vfs_create(dir, path->dentry, mode, nd);
> +	error = vfs_create(&nd->path, path->dentry, mode, nd);
>  	mutex_unlock(&dir->d_inode->i_mutex);
>  	dput(nd->path.dentry);
>  	nd->path.dentry = path->dentry;
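Review bot: The security hook now receives `&nd->path` while the mutex release on the next line and the dput two lines below still go through `dir` and `nd->path.dentry` separately, so the fact that all three name the same parent directory is only implicit. From this hunk `dir` appears to be `nd->path.dentry` (the i_mutex released through `dir` is the one guarding the create), but the new call is the first place where a divergence would silently make the LSM check a different directory than the one locked. A comment such as `/* dir == nd->path.dentry: the hook must see the parent whose i_mutex is held */` above the call, or a `BUG_ON(dir != nd->path.dentry)` if the invariant is meant to be hard, would make that explicit. __open_namei_create begins outside the hunk.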
> Index: linux-2.6/include/linux/security.h
> ===================================================================
> --- linux-2.6.orig/include/linux/security.h	2008-05-29 12:20:48.000000000 +0200
> +++ linux-2.6/include/linux/security.h	2008-05-29 12:20:51.000000000 +0200
> @@ -339,7 +339,7 @@ static inline void security_free_mnt_opt
>   *		-ENOMEM on memory allocation failure.
>   * @inode_create:
>   *	Check permission to create a regular file.
> - *	@dir contains inode structure of the parent of the new file.
> + *	@dir contains the path to the parent of the new file.
>   *	@dentry contains the dentry structure for the file to be created.
>   *	@mode contains the file mode of the file to be created.
>   *	Return 0 if permission is granted.
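Review bot: The new `@dir` line says only "the path to the parent", which hides the property the change exists for. Since the commit message motivates the change with the vfsmount, the hook documentation should say so, e.g. `@dir contains the path (vfsmount and dentry) to the parent of the new file.`, so LSM authors know both members are valid. It would also help to state whether the mount is already write-referenced when the hook runs; judging from path_create in the fs/namei.c hunk, mnt_want_write() has been taken on `dir->mnt` before vfs_create is entered on that path, but that is inferred from one caller rather than stated in the contract.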
> @@ -1353,8 +1353,7 @@ struct security_operations {
>  	void (*inode_free_security) (struct inode *inode);
>  	int (*inode_init_security) (struct inode *inode, struct inode *dir,
>  				    char **name, void **value, size_t *len);
> -	int (*inode_create) (struct inode *dir,
> -			     struct dentry *dentry, int mode);
> +	int (*inode_create) (struct path *dir, struct dentry *dentry, int mode);
>  	int (*inode_link) (struct dentry *old_dentry,
>  			   struct inode *dir, struct dentry *new_dentry);
>  	int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
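Review bot: After this hunk `inode_create` is the only hook in `struct security_operations` taking `struct path *dir`, while `inode_link` and `inode_unlink` immediately below keep `struct inode *dir`, so a reader of the struct sees two conventions for the same "parent directory" argument. If later patches in the series convert the remaining hooks this is transitional, but a short comment on the member, e.g. `/* @dir is the parent's struct path, not its inode as in the hooks below */`, would avoid confusion until then. The matching change to the dispatcher in security/security.c appears in the diffstat but is not quoted in this message, so it could not be reviewed here.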
> @@ -1626,7 +1625,7 @@ int security_inode_alloc(struct inode *i
>  void security_inode_free(struct inode *inode);
>  int security_inode_init_security(struct inode *inode, struct inode *dir,
>  				  char **name, void **value, size_t *len);
> -int security_inode_create(struct inode *dir, struct dentry *dentry, int mode);
> +int security_inode_create(struct path *dir, struct dentry *dentry, int mode);
>  int security_inode_link(struct dentry *old_dentry, struct inode *dir,
>  			 struct dentry *new_dentry);
>  int security_inode_unlink(struct inode *dir, struct dentry *dentry);
> @@ -1964,7 +1963,7 @@ static inline int security_inode_init_se
>  	return -EOPNOTSUPP;
>  }
>  
> -static inline int security_inode_create(struct inode *dir,
> +static inline int security_inode_create(struct path *dir,
>  					 struct dentry *dentry,
>  					 int mode)
>  {
> Index: linux-2.6/security/dummy.c
> ===================================================================
> --- linux-2.6.orig/security/dummy.c	2008-05-29 12:20:48.000000000 +0200
> +++ linux-2.6/security/dummy.c	2008-05-29 12:20:51.000000000 +0200
> @@ -286,8 +286,8 @@ static int dummy_inode_init_security (st
>  	return -EOPNOTSUPP;
>  }
>  
> -static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
> -			       int mask)
> +static int dummy_inode_create(struct path *dir, struct dentry *dentry,
> +			      int mask)
>  {
>  	return 0;
>  }
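Review bot: The third parameter is still named `mask` although the hook declaration and its documentation in include/linux/security.h call it `mode`, and this patch already rewrites the whole signature. Renaming it here, `static int dummy_inode_create(struct path *dir, struct dentry *dentry, int mode)`, keeps the stub consistent with the prototype it implements. The selinux_inode_create hunk in security/selinux/hooks.c has the same `mask`/`mode` mismatch.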
> Index: linux-2.6/security/selinux/hooks.c
> ===================================================================
> --- linux-2.6.orig/security/selinux/hooks.c	2008-05-29 12:20:48.000000000 +0200
> +++ linux-2.6/security/selinux/hooks.c	2008-05-29 12:20:51.000000000 +0200
> @@ -2482,9 +2482,10 @@ static int selinux_inode_init_security(s
>  	return 0;
>  }
>  
> -static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
> +static int selinux_inode_create(struct path *dir, struct dentry *dentry,
> +				int mask)
>  {
> -	return may_create(dir, dentry, SECCLASS_FILE);
> +	return may_create(dir->dentry->d_inode, dentry, SECCLASS_FILE);
>  }
>  
>  static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)

This may be moot given the vfs maintainers' objections, but if you were
to make this change, then logically you'd push the struct path all the
way down and set it in the avc_audit_data so that it could be used by
avc_audit() for emitting a pathname in the audit record.  Likewise for
the other hook changes.

-- 
Stephen Smalley
National Security Agency

