[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <201306112211.GBH48909.SOFOFJHMtFQVLO@I-love.SAKURA.ne.jp>
Date: Tue, 11 Jun 2013 22:11:52 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: [PATCH 0/4] LSM/TOMOYO: Introduce per a task_struct variables.
This patchset is for fixing two of TOMOYO's long-standing bugs which exists
since Linux 2.6.30.
Bug 1:
TOMOYO has been unable to check binary loader's permission upon execve()
because TOMOYO uses different permission for the program passed to execve()
request and the binary loader requested by the program passed to the execve()
request, but TOMOYO was not able to distinguish them due to lack of ability
to pass the proposed credential argument. Some attempt to pass the proposed
credential was made but was not successful because it breaks DAC's behavior.
Bug 2:
TOMOYO has been unable to remember that the current thread was once granted
for managing policy, for there is no mechanism for cleanly allocating per a
task_struct variables. As a result, TOMOYO needlessly has to check permission
for updating policy whenever a line of policy was written. Also, if the
userspace once deleted a line that is needed for updating policy, the current
thread (which should be able to update policy) fails to write the rest of
lines.
Variables associated with copy on write credential do not help for fixing
this bug because TOMOYO may not be allowed to modify it when TOMOYO wants to
modify it.
This patchset has four patches. Patch 1 and 2 are essentially revival of LSM
hooks which existed until Linux 2.6.28.
[PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.
[PATCH 2/4] LSM: Revive security_task_alloc() hook.
[PATCH 3/4] TOMOYO: Remember the proposed domain while in execve() request.
[PATCH 4/4] TOMOYO: Allow caching policy manager's state until execve() request.
b/fs/exec.c | 1
b/include/linux/security.h | 11 +++
b/kernel/fork.c | 7 +
b/security/capability.c | 5 +
b/security/security.c | 5 +
b/security/tomoyo/common.c | 22 +++++-
b/security/tomoyo/common.h | 34 +++++++++
b/security/tomoyo/tomoyo.c | 163 +++++++++++++++++++++++++++++++++++++++++++--
include/linux/security.h | 10 ++
security/capability.c | 6 +
security/security.c | 5 +
security/tomoyo/common.h | 6 +
security/tomoyo/tomoyo.c | 32 ++++++++
13 files changed, 298 insertions(+), 9 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists