lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <486AC574.1080405@schaufler-ca.com>
Date:	Tue, 01 Jul 2008 17:01:56 -0700
From:	Casey Schaufler <casey@...aufler-ca.com>
To:	Miklos Szeredi <miklos@...redi.hu>
CC:	akpm@...ux-foundation.org, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [patch] smack: remove unnecessary xattr checks

Miklos Szeredi wrote:
> Hi Casey,
>
> This is an untested patch, if it looks OK, can you please apply it to
> your tree (or ACK it)?
>
> Thanks,
> Miklos
>
> ----
> From: Miklos Szeredi <mszeredi@...e.cz>
>
> getxattr() calls security_inode_permission(MAY_READ) so
> smack_inode_getxattr() is unnecessary.
>
> setxattr() and removexattr() call security_inode_permission(MAY_WRITE)
> so the write permission checks in smack_inode_setxattr() and
> smack_inode_removexattr() are unnecessary.
>
> Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
>   
Nacked-by: Casey Schaufler <casey@...aufler-ca.com>

I tried your patch without looking at it and found that
getxattr is too permissive with your changes. I found that

   % ls -l foo

will fail while

   % attr -S -g SMACK64 foo

will succeed. Of course if stat() fails due to a Smack
access check getxattr() ought to as well. So it would
appear that the call to security_inode_permission is not
sufficient.


> ---
>  security/smack/smack_lsm.c |   19 -------------------
>  1 file changed, 19 deletions(-)
>
> Index: linux-2.6/security/smack/smack_lsm.c
> ===================================================================
> --- linux-2.6.orig/security/smack/smack_lsm.c	2008-07-01 21:44:05.000000000 +0200
> +++ linux-2.6/security/smack/smack_lsm.c	2008-07-01 21:45:27.000000000 +0200
> @@ -588,9 +588,6 @@ static int smack_inode_setxattr(struct d
>  	} else
>  		rc = cap_inode_setxattr(dentry, name, value, size, flags);
>  
> -	if (rc == 0)
> -		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
> -
>  	return rc;
>  }
>  
> @@ -636,18 +633,6 @@ static void smack_inode_post_setxattr(st
>  }
>  
>  /*
> - * smack_inode_getxattr - Smack check on getxattr
> - * @dentry: the object
> - * @name: unused
> - *
> - * Returns 0 if access is permitted, an error code otherwise
> - */
> -static int smack_inode_getxattr(struct dentry *dentry, const char *name)
> -{
> -	return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
> -}
> -
> -/*
>   * smack_inode_removexattr - Smack check on removexattr
>   * @dentry: the object
>   * @name: name of the attribute
> @@ -668,9 +653,6 @@ static int smack_inode_removexattr(struc
>  	} else
>  		rc = cap_inode_removexattr(dentry, name);
>  
> -	if (rc == 0)
> -		rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
> -
>  	return rc;
>  }
>  
> @@ -2606,7 +2588,6 @@ struct security_operations smack_ops = {
>  	.inode_getattr = 		smack_inode_getattr,
>  	.inode_setxattr = 		smack_inode_setxattr,
>  	.inode_post_setxattr = 		smack_inode_post_setxattr,
> -	.inode_getxattr = 		smack_inode_getxattr,
>  	.inode_removexattr = 		smack_inode_removexattr,
>  	.inode_need_killpriv =		cap_inode_need_killpriv,
>  	.inode_killpriv =		cap_inode_killpriv,
>
>
>   


-- 

----------------------

Casey Schaufler
casey@...aufler-ca.com
650.906.1780


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ