lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Nov 2009 10:20:45 -0500 From: Eric Paris <eparis@...isplace.org> To: John Johansen <john.johansen@...onical.com> Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH 11/12] AppArmor: LSM interface, and security module initialization On Tue, Nov 3, 2009 at 6:48 PM, John Johansen <john.johansen@...onical.com> wrote: > AppArmor hooks to interface with the LSM, and module parameters and > initialization. > > Signed-off-by: John Johansen <john.johansen@...onical.com> > --- > +static int apparmor_file_mmap(struct file *file, unsigned long reqprot, > + unsigned long prot, unsigned long flags, > + unsigned long addr, unsigned long addr_only) > +{ > + int rc = 0; > + struct aa_profile *profile = aa_current_profile_wupd(); > + /* > + * test before cap_file_mmap. For confined tasks AppArmor will > + * enforce the mmap value set in the profile or default > + * to LSM_MMAP_MIN_ADDR > + */ > + if (profile) { > + if (profile->flags & PFLAG_MMAP_MIN_ADDR) { > + if (addr < profile->mmap_min_addr) > + rc = -EACCES; > + } else if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { > + rc = -EACCES; > + } > + if (rc) { > + struct aa_audit sa = { > + .operation = "file_mmap", > + .gfp_mask = GFP_KERNEL, > + .info = "addr < mmap_min_addr", > + .error = rc, > + }; > + return aa_audit(AUDIT_APPARMOR_DENIED, profile, &sa, > + NULL); > + } > + } > + rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); > + if (rc || addr_only) > + return rc; > + > + return common_mmap(file, "file_mmap", prot, flags); > +} There is a reason we do the round_hint_to_min() stuff in the vm and we recalculate that value every time dac_mmap_min_addr is change. It's because mmap (NOT MAP_FIXED) with a hint < profile->mmap_min_addr is going to end up getting denied here since the VM is going to assign it the address it wanted instead of find a new address and you are going to deny that task. If profile() is a per task thing, I think you are in a failed situation and can't solve the problem wtihout intrusive VFS hooks. If profile is a global thing just update that global value. In either case, this code is wrong.... -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists