lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 26 Sep 2008 22:27:48 -0400
From:	"Serge E. Hallyn" <serue@...ibm.com>
To:	linux-kernel@...r.kernel.org
Cc:	linux-security-module@...r.kernel.org,
	"Serge E. Hallyn" <serue@...ibm.com>
Subject: [PATCH 4/6] file capabilities: clean up setcap code

Clean up the sys_capset codepath a bit to account for the fact
that you can now not ever, never, capset on another task.

Signed-off-by: Serge E. Hallyn <serue@...ibm.com>
---
 kernel/capability.c |   83 +++++++++++++++++++-------------------------------
 1 files changed, 32 insertions(+), 51 deletions(-)

diff --git a/kernel/capability.c b/kernel/capability.c
index d39c989..92dd85b 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -132,46 +132,31 @@ static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy)
  * process. The net result is that we can limit our use of locks to
  * when we are reading the caps of another process.
  */
-static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
+static int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
 				     kernel_cap_t *pIp, kernel_cap_t *pPp)
 {
 	int ret;
+	struct task_struct *target;
 
-	if (pid && (pid != task_pid_vnr(current))) {
-		struct task_struct *target;
+	if (!pid || pid == task_pid_vnr(current))
+		return security_capget(current, pEp, pIp, pPp);
 
-		spin_lock(&task_capability_lock);
-		read_lock(&tasklist_lock);
+	spin_lock(&task_capability_lock);
+	read_lock(&tasklist_lock);
 
-		target = find_task_by_vpid(pid);
-		if (!target)
-			ret = -ESRCH;
-		else
-			ret = security_capget(target, pEp, pIp, pPp);
+	target = find_task_by_vpid(pid);
+	if (!target)
+		ret = -ESRCH;
+	else
+		ret = security_capget(target, pEp, pIp, pPp);
 
-		read_unlock(&tasklist_lock);
-		spin_unlock(&task_capability_lock);
-	} else
-		ret = security_capget(current, pEp, pIp, pPp);
+	read_unlock(&tasklist_lock);
+	spin_unlock(&task_capability_lock);
 
 	return ret;
 }
 
 /*
- * With filesystem capability support configured, the kernel does not
- * permit the changing of capabilities in one process by another
- * process. (CAP_SETPCAP has much less broad semantics when configured
- * this way.)
- */
-static inline int do_sys_capset_other_tasks(pid_t pid,
-					    kernel_cap_t *effective,
-					    kernel_cap_t *inheritable,
-					    kernel_cap_t *permitted)
-{
-	return -EPERM;
-}
-
-/*
  * Atomically modify the effective capabilities returning the original
  * value. No permission check is performed here - it is assumed that the
  * caller is permitted to set the desired effective capabilities.
@@ -293,6 +278,9 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
 	if (get_user(pid, &header->pid))
 		return -EFAULT;
 
+	if (pid && (pid != task_pid_vnr(current)))
+		return -EPERM;
+
 	if (copy_from_user(&kdata, data, tocopy
 			   * sizeof(struct __user_cap_data_struct))) {
 		return -EFAULT;
@@ -310,30 +298,23 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
 		i++;
 	}
 
-	if (pid && (pid != task_pid_vnr(current)))
-		ret = do_sys_capset_other_tasks(pid, &effective, &inheritable,
-						&permitted);
-	else {
-		/*
-		 * This lock is required even when filesystem
-		 * capability support is configured - it protects the
-		 * sys_capget() call from returning incorrect data in
-		 * the case that the targeted process is not the
-		 * current one.
-		 */
-		spin_lock(&task_capability_lock);
+	/*
+	 * This lock protects the sys_capget() call from
+	 * returning incorrect data in the case that the targeted
+	 * process is not the current one.
+	 */
+	spin_lock(&task_capability_lock);
 
-		ret = security_capset_check(current, &effective, &inheritable,
-					    &permitted);
-		/*
-		 * Having verified that the proposed changes are
-		 * legal, we now put them into effect.
-		 */
-		if (!ret)
-			security_capset_set(current, &effective, &inheritable,
-					    &permitted);
-		spin_unlock(&task_capability_lock);
-	}
+	ret = security_capset_check(current, &effective, &inheritable,
+				    &permitted);
+	/*
+	 * Having verified that the proposed changes are
+	 * legal, we now put them into effect.
+	 */
+	if (!ret)
+		security_capset_set(current, &effective, &inheritable,
+				    &permitted);
+	spin_unlock(&task_capability_lock);
 
 
 	return ret;
-- 
1.5.1.1.GIT

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists