Date:	Wed, 28 Sep 2011 13:48:29 +0300
From:	Jarkko Sakkinen <jarkko.sakkinen@...el.com>
To:	Casey Schaufler <casey@...aufler-ca.com>
Cc:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	Jarkko Sakkinen <jarkko.sakkinen@...el.com>
Subject: [PATCH] Smack: fix domain transfer issues

When the domain changes, Smack should check for ptracing
and shared state. Additionally, it should clear unsafe
personality bits and turn on the secureexec bit. This
patch addresses these issues.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...el.com>
---
 security/smack/smack.h     |    5 ++++
 security/smack/smack_lsm.c |   46 ++++++++++++++++++++++++++++++++++---------
 2 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 174d3be..7b37615 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -187,6 +187,11 @@ struct smack_known {
 #define SMK_NUM_ACCESS_TYPE 4
 
 /*
+ * Passed in the bprm->unsafe field
+ */
+#define SMK_SECUREEXEC_NEEDED 0x8000
+
+/*
  * Smack audit data; is empty if CONFIG_AUDIT not set
  * to save some stack
  */
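Review bot: SMK_SECUREEXEC_NEEDED is a Smack-private bit stored in bprm->unsafe, a field that is not Smack's alone, and the comment `Passed in the bprm->unsafe field` does not say that the value must stay clear of the LSM_UNSAFE_* flags. Any reader that tests the field as a whole, or with a complemented mask, would treat this bit as an unsafe condition once smack_bprm_set_creds() sets it (see the smack_lsm.c hunk that sets it). cap_bprm_set_creds(), which that hook calls before its cred_prepared test, is worth checking for this. Consider keeping the decision in Smack's own per-task state, or at least extend the comment to `Smack-private flag kept in bprm->unsafe; must not overlap any LSM_UNSAFE_* value`.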
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 2e71c3f..b3766ac 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -5,12 +5,13 @@
  *
  *  Authors:
  *	Casey Schaufler <casey@...aufler-ca.com>
- *	Jarkko Sakkinen <ext-jarkko.2.sakkinen@...ia.com>
+ *	Jarkko Sakkinen <jarkko.sakkinen@...el.com>
  *
  *  Copyright (C) 2007 Casey Schaufler <casey@...aufler-ca.com>
  *  Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
  *                Paul Moore <paul@...l-moore.com>
  *  Copyright (C) 2010 Nokia Corporation
+ *  Copyright (C) 2011 Intel Corporation.
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License version 2,
@@ -441,11 +442,17 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
  * BPRM hooks
  */
 
+/**
+ * smack_bprm_set_creds - Smack exec that handles the domain transfer.
+ * @bprm: binprm for exec
+ *
+ * Returns 0 on success.
+ */
 static int smack_bprm_set_creds(struct linux_binprm *bprm)
 {
+	struct inode *inode = bprm->file->f_path.dentry->d_inode;
 	struct task_smack *tsp = bprm->cred->security;
 	struct inode_smack *isp;
-	struct dentry *dp;
 	int rc;
 
 	rc = cap_bprm_set_creds(bprm);
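Review bot: The kernel-doc line `Returns 0 on success.` leaves out the failure paths: the next hunk adds two `return -EPERM` exits, and the result of cap_bprm_set_creds() appears to be propagated too (that return is outside this hunk). Something like `Returns 0 on success, -EPERM if the label would change while the task is ptraced or shares state, or the error from cap_bprm_set_creds().` would cover it. The new initialiser `bprm->file->f_path.dentry->d_inode` is also evaluated before any check, while the next hunk removes the NULL guards on that chain. A one-line comment stating why bprm->file and its inode cannot be NULL in this hook would make that removal reviewable. The function body continues outside the hunk.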
@@ -455,22 +462,40 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
 	if (bprm->cred_prepared)
 		return 0;
 
-	if (bprm->file == NULL || bprm->file->f_dentry == NULL)
-		return 0;
-
-	dp = bprm->file->f_dentry;
+	isp = inode->i_security;
 
-	if (dp->d_inode == NULL)
+	if (isp->smk_task == NULL || isp->smk_task == tsp->smk_task)
 		return 0;
 
-	isp = dp->d_inode->i_security;
+	if (bprm->unsafe & LSM_UNSAFE_SHARE)
+		return -EPERM;
 
-	if (isp->smk_task != NULL)
-		tsp->smk_task = isp->smk_task;
+	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP))
+		return -EPERM;
+
+	tsp->smk_task = isp->smk_task;
+	bprm->per_clear |= PER_CLEAR_ON_SETID;
+	bprm->unsafe |= SMK_SECUREEXEC_NEEDED;
 
 	return 0;
 }
 
+/**
+ * smack_bprm_secureexec - Return the decision to use secureexec.
+ * @bprm: binprm for exec
+ *
+ * Returns 0 on success.
+ */
+static int smack_bprm_secureexec(struct linux_binprm *bprm)
+{
+	int ret = cap_bprm_secureexec(bprm);
+
+	if (!ret && (bprm->unsafe & SMK_SECUREEXEC_NEEDED))
+		ret = 1;
+
+	return ret;
+}
+
 /*
  * Inode hooks
  */
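Review bot: The two `-EPERM` checks name LSM_UNSAFE_SHARE, LSM_UNSAFE_PTRACE and LSM_UNSAFE_PTRACE_CAP individually, so an unsafe condition added to bprm->unsafe later would not block the label change. Because the checks run before SMK_SECUREEXEC_NEEDED is set and any later pass returns at the cred_prepared test, a single `if (bprm->unsafe) return -EPERM;` would fail closed instead. The denial is also silent; if Smack's audit path can be used here, a record of the refused transition would help when diagnosing or monitoring failed execs. Separately, the kernel-doc for smack_bprm_secureexec() says `Returns 0 on success.`, but the value is a decision rather than a status: `Returns non-zero if secure execution is required, 0 otherwise.` The start of smack_bprm_set_creds() is outside this hunk.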
@@ -3452,6 +3477,7 @@ struct security_operations smack_ops = {
 	.sb_umount = 			smack_sb_umount,
 
 	.bprm_set_creds =		smack_bprm_set_creds,
+	.bprm_secureexec =		smack_bprm_secureexec,
 
 	.inode_alloc_security = 	smack_inode_alloc_security,
 	.inode_free_security = 		smack_inode_free_security,
-- 
1.7.4.1
