Date: Wed, 5 Nov 2008 15:12:03 -0800
From: Andrew Morton <akpm@...ux-foundation.org>
To: Kentaro Takeda <takedakn@...data.co.jp>
Cc: haradats@...data.co.jp, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, penguin-kernel@...ove.SAKURA.ne.jp, dhowells@...hat.com
Subject: Re: [TOMOYO #12 (2.6.28-rc2-mm1) 02/11] Add in_execve flag into task_struct.

On Tue, 04 Nov 2008 15:08:49 +0900 Kentaro Takeda <takedakn@...data.co.jp> wrote:

> This patch allows LSM modules to determine whether current process is in an
> execve operation or not so that they can behave differently while an execve
> operation is in progress.
>
> This allows TOMOYO to dispense with a readability check on a file to be
> executed under the process's current credentials, and to do it instead under
> the proposed credentials.
>
> This is required with the new COW credentials because TOMOYO is no longer
> allowed to mark the state temporarily in the security struct attached to the
> task_struct.

None of this patch applied. It seems that some credentials code has disappeared from linux-next. So I took a bet shot at reimplementing it - please check. If/when that code gets restored to linux-next I get to fix the patch again. It's a bit of collateral damage which happens when people muck up their trees.

 fs/compat.c           | 3 +++
 fs/exec.c             | 3 +++
 include/linux/sched.h | 2 ++
 3 files changed, 8 insertions(+)

diff -puN fs/compat.c~tomoyo-add-in_execve-flag-into-task_struct fs/compat.c --- a/fs/compat.c~tomoyo-add-in_execve-flag-into-task_struct +++ a/fs/compat.c @@ -1388,6 +1388,7 @@ int compat_do_execve(char * filename, struct file *file; int retval; + current->in_execve = 1; retval = -ENOMEM; bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); if (!bprm) @@ -1440,6 +1441,7 @@ int compat_do_execve(char * filename, retval = search_binary_handler(bprm, regs); if (retval >= 0) { /* execve success */ + current->in_execve = 0; security_bprm_free(bprm); acct_update_integrals(current); free_bprm(bprm);
@@ -1464,6 +1466,7 @@ out_kfree: free_bprm(bprm); out_ret: + current->in_execve = 0; return retval; } diff -puN fs/exec.c~tomoyo-add-in_execve-flag-into-task_struct fs/exec.c --- a/fs/exec.c~tomoyo-add-in_execve-flag-into-task_struct +++ a/fs/exec.c @@ -1268,6 +1268,7 @@ int do_execve(char * filename, struct files_struct *displaced; int retval; + current->in_execve = 1; retval = unshare_files(&displaced); if (retval) goto out_ret; @@ -1325,6 +1326,7 @@ int do_execve(char * filename, retval = search_binary_handler(bprm,regs); if (retval >= 0) { /* execve success */ + current->in_execve = 0; security_bprm_free(bprm); acct_update_integrals(current); free_bprm(bprm); @@ -1353,6 +1355,7 @@ out_files: if (displaced) reset_files_struct(displaced); out_ret: + current->in_execve = 0; return retval; } diff -puN include/linux/sched.h~tomoyo-add-in_execve-flag-into-task_struct include/linux/sched.h --- a/include/linux/sched.h~tomoyo-add-in_execve-flag-into-task_struct +++ a/include/linux/sched.h @@ -1130,6 +1130,8 @@ struct task_struct { /* ??? */ unsigned int personality; unsigned did_exec:1; + unsigned in_execve:1; /* Tell the LSMs that the process is doing an + * execve */ pid_t pid; pid_t tgid; _ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
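
Review bot: In the first fs/compat.c hunk, current->in_execve = 1 is set before the kzalloc() of bprm, so the if (!bprm) failure branch directly below it has to leave through out_ret, the only error-path label where this patch clears the flag. The branch target is not visible in the hunk context; if it returns directly, the task keeps in_execve set after a failed exec and an LSM will go on applying its execve-time behaviour to later, unrelated operations. Please confirm the branch reaches out_ret, or move the assignment to after the allocation has succeeded.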
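
Review bot: In the success path of do_execve() in fs/exec.c (and the identical hunk in compat_do_execve()), in_execve is cleared before security_bprm_free(bprm), so anything an LSM does from that hook already sees the flag as 0. If the flag is meant to cover the whole execve including the LSM's bprm teardown, clear it after security_bprm_free(); if not, the comment on the field should say the window ends when search_binary_handler() returns. Clearing the flag in two separate places per function is also easy to miss when a new exit path is added, so a single exit that resets it would be less fragile.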
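
Review bot: In the include/linux/sched.h hunk, in_execve is a one-bit field placed next to did_exec, so the two share a storage unit and every store is a non-atomic read-modify-write of that unit. All writes in this patch go through current, which is safe only as long as nothing sets either bit from another task; the comment should state that rule. It should also say that the flag stays set during failed execve attempts until do_execve()/compat_do_execve() reach out_ret, since LSM authors will rely on that.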