[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20081014205228.1057.97074.stgit@paris.rdu.redhat.com>
Date: Tue, 14 Oct 2008 16:52:28 -0400
From: Eric Paris <eparis@...hat.com>
To: linux-kernel@...r.kernel.org, malware-list@...ts.printk.net
Cc: viro@...IV.linux.org.uk, alan@...rguk.ukuu.org.uk,
arjan@...radead.org, greg@...ah.com, tytso@....edu
Subject: [PATCH -v2 11/16] fanotify: give a special access permission check
add a special FANOTIFY_ACCESS_EXEC_PERM check. This will be applied any
place a process tries to access a file with execute permissions. Mainly
sys_execve, sys_uselib, and mmap'ing a file for exec.
Signed-off-by: Eric Paris <eparis@...hat.com>
---
fs/aio.c | 4 ++--
fs/exec.c | 10 ++++++++++
fs/read_write.c | 2 +-
include/linux/fanotify.h | 6 ++++--
mm/mmap.c | 7 +++++++
mm/mprotect.c | 6 ++++++
mm/nommu.c | 7 +++++++
7 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/fs/aio.c b/fs/aio.c
index 008de79..6395403 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1455,7 +1455,7 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb)
ret = security_file_permission(file, MAY_READ);
if (unlikely(ret))
break;
- ret = fanotify(file, FAN_ACCESS_PERM);
+ ret = fanotify(file, FAN_ACCESS_NOEXEC_PERM);
if (unlikely(ret))
break;
ret = aio_setup_single_vector(kiocb);
@@ -1490,7 +1490,7 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb)
ret = security_file_permission(file, MAY_READ);
if (unlikely(ret))
break;
- ret = fanotify(file, FAN_ACCESS_PERM);
+ ret = fanotify(file, FAN_ACCESS_NOEXEC_PERM);
if (unlikely(ret))
break;
ret = aio_setup_vectored_rw(READ, kiocb);
diff --git a/fs/exec.c b/fs/exec.c
index 3612805..ab45d65 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -140,6 +140,11 @@ asmlinkage long sys_uselib(const char __user * library)
goto out;
fsnotify_open_exec(file);
+ error = fanotify(file, FAN_ACCESS_EXEC_PERM);
+ if (error) {
+ fput(file);
+ goto out;
+ }
error = -ENOEXEC;
if(file->f_op) {
@@ -694,6 +699,11 @@ struct file *open_exec(const char *name)
return file;
fsnotify_open_exec(file);
+ err = fanotify(file, FAN_ACCESS_EXEC_PERM);
+ if (err) {
+ fput(file);
+ goto out;
+ }
err = deny_write_access(file);
if (err) {
diff --git a/fs/read_write.c b/fs/read_write.c
index a74cf76..8ab4646 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -203,7 +203,7 @@ int rw_verify_area(int read_write, struct file *file, loff_t *ppos, size_t count
if (retval)
return retval;
if (read_write == READ) {
- retval = fanotify(file, FAN_ACCESS_PERM);
+ retval = fanotify(file, FAN_ACCESS_NOEXEC_PERM);
if (retval)
return retval;
}
diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index 0405e4c..07b8e77 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -18,8 +18,9 @@
#define FAN_OPEN_EXEC 0x00000020 /* File was opened with the intention of being exec'ed */
/* userspace may also request blocking for permission checks for open and read */
-#define FAN_ACCESS_PERM 0x00000100
-#define FAN_OPEN_PERM 0x00000200
+#define FAN_ACCESS_NOEXEC_PERM 0x00000100
+#define FAN_ACCESS_EXEC_PERM 0x00000200
+#define FAN_OPEN_PERM 0x00000400
/* FIXME currently Q's have no limit.... */
#define FAN_Q_OVERFLOW 0x80000000 /* Event queued overflowed */
@@ -27,6 +28,7 @@
/* helper events */
#define FAN_CLOSE (FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */
#define FAN_OPEN (FAN_OPEN_NOEXEC | FAN_OPEN_EXEC) /* open */
+#define FAN_ACCESS_PERM (FAN_ACCESS_NOEXEC_PERM | FAN_ACCESS_EXEC_PERM) /* access perm */
/*
* All of the events - we build the list by hand so that we can add flags in
diff --git a/mm/mmap.c b/mm/mmap.c
index e7a5a68..35d051f 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -18,6 +18,7 @@
#include <linux/init.h>
#include <linux/file.h>
#include <linux/fs.h>
+#include <linux/fanotify.h>
#include <linux/personality.h>
#include <linux/security.h>
#include <linux/hugetlb.h>
@@ -1027,6 +1028,12 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
default:
return -EINVAL;
}
+
+ if (prot & PROT_EXEC) {
+ error = fanotify(file, FAN_ACCESS_EXEC_PERM);
+ if (error)
+ return error;
+ }
} else {
switch (flags & MAP_TYPE) {
case MAP_SHARED:
diff --git a/mm/mprotect.c b/mm/mprotect.c
index fded06f..af1da2d 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -16,6 +16,7 @@
#include <linux/fs.h>
#include <linux/highmem.h>
#include <linux/security.h>
+#include <linux/fanotify.h>
#include <linux/mempolicy.h>
#include <linux/personality.h>
#include <linux/syscalls.h>
@@ -294,6 +295,11 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot)
if (error)
goto out;
+ if (vma->vm_file && (prot & PROT_EXEC))
+ error = fanotify(vma->vm_file, FAN_ACCESS_EXEC_PERM);
+ if (error)
+ goto out;
+
tmp = vma->vm_end;
if (tmp > end)
tmp = end;
diff --git a/mm/nommu.c b/mm/nommu.c
index ed75bc9..f541693 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -18,6 +18,7 @@
#include <linux/mman.h>
#include <linux/swap.h>
#include <linux/file.h>
+#include <linux/fanotify.h>
#include <linux/highmem.h>
#include <linux/pagemap.h>
#include <linux/slab.h>
@@ -709,6 +710,12 @@ static int validate_mmap_request(struct file *file,
/* backing file is not executable, try to copy */
capabilities &= ~BDI_CAP_MAP_DIRECT;
}
+
+ if (prot & PROT_EXEC) {
+ ret = fanotify(file, FAN_ACCESS_EXEC_PERM);
+ if (ret)
+ return ret;
+ }
}
else {
/* anonymous mappings are always memory backed and can be
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists