lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <201306112212.JHI90114.HOOLMVJFStQFFO@I-love.SAKURA.ne.jp>
Date:	Tue, 11 Jun 2013 22:12:42 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.

>>From 27dfd0d7652917601a53f4439678097c8ce67b2b Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Date: Tue, 11 Jun 2013 21:26:53 +0900
Subject: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.

Add a LSM hook which is called only when an execve operation failed after
prepare_bprm_creds() succeeded. This hook is used by TOMOYO for synchronously
cleaning up resources allocated during an execve operation.

Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
---
 fs/exec.c                |    1 +
 include/linux/security.h |   11 +++++++++++
 security/capability.c    |    5 +++++
 security/security.c      |    5 +++++
 4 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index 6430195..f71b2ae 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1175,6 +1175,7 @@ void free_bprm(struct linux_binprm *bprm)
 {
 	free_arg_pages(bprm);
 	if (bprm->cred) {
+		security_bprm_aborting_creds(bprm);
 		mutex_unlock(&current->signal->cred_guard_mutex);
 		abort_creds(bprm->cred);
 	}
diff --git a/include/linux/security.h b/include/linux/security.h
index 40560f4..6f03e37 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -232,6 +232,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *	linux_binprm structure.  This hook is a good place to perform state
  *	changes on the process such as clearing out non-inheritable signal
  *	state.  This is called immediately after commit_creds().
+ * @bprm_aborting_creds:
+ *	This hook is called when an execve operation failed after
+ *	prepare_bprm_creds() succeeded so that we can synchronously clean up
+ *	resources used by an execve operation.
+ *	@bprm points to the linux_binprm structure.
  * @bprm_secureexec:
  *	Return a boolean value (0 or 1) indicating whether a "secure exec"
  *	is required.  The flag is passed in the auxiliary table
@@ -1426,6 +1431,7 @@ struct security_operations {
 	int (*bprm_secureexec) (struct linux_binprm *bprm);
 	void (*bprm_committing_creds) (struct linux_binprm *bprm);
 	void (*bprm_committed_creds) (struct linux_binprm *bprm);
+	void (*bprm_aborting_creds) (struct linux_binprm *bprm);
 
 	int (*sb_alloc_security) (struct super_block *sb);
 	void (*sb_free_security) (struct super_block *sb);
@@ -1714,6 +1720,7 @@ int security_bprm_set_creds(struct linux_binprm *bprm);
 int security_bprm_check(struct linux_binprm *bprm);
 void security_bprm_committing_creds(struct linux_binprm *bprm);
 void security_bprm_committed_creds(struct linux_binprm *bprm);
+void security_bprm_aborting_creds(struct linux_binprm *bprm);
 int security_bprm_secureexec(struct linux_binprm *bprm);
 int security_sb_alloc(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
@@ -1954,6 +1961,10 @@ static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
 {
 }
 
+static inline void security_bprm_aborting_creds(struct linux_binprm *bprm)
+{
+}
+
 static inline int security_bprm_secureexec(struct linux_binprm *bprm)
 {
 	return cap_bprm_secureexec(bprm);
diff --git a/security/capability.c b/security/capability.c
index 1728d4e..34b6f09 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -40,6 +40,10 @@ static void cap_bprm_committed_creds(struct linux_binprm *bprm)
 {
 }
 
+static void cap_bprm_aborting_creds(struct linux_binprm *bprm)
+{
+}
+
 static int cap_sb_alloc_security(struct super_block *sb)
 {
 	return 0;
@@ -916,6 +920,7 @@ void __init security_fixup_ops(struct security_operations *ops)
 	set_to_cap_if_null(ops, bprm_set_creds);
 	set_to_cap_if_null(ops, bprm_committing_creds);
 	set_to_cap_if_null(ops, bprm_committed_creds);
+	set_to_cap_if_null(ops, bprm_aborting_creds);
 	set_to_cap_if_null(ops, bprm_check_security);
 	set_to_cap_if_null(ops, bprm_secureexec);
 	set_to_cap_if_null(ops, sb_alloc_security);
diff --git a/security/security.c b/security/security.c
index a3dce87..7123178 100644
--- a/security/security.c
+++ b/security/security.c
@@ -235,6 +235,11 @@ void security_bprm_committed_creds(struct linux_binprm *bprm)
 	security_ops->bprm_committed_creds(bprm);
 }
 
+void security_bprm_aborting_creds(struct linux_binprm *bprm)
+{
+	security_ops->bprm_aborting_creds(bprm);
+}
+
 int security_bprm_secureexec(struct linux_binprm *bprm)
 {
 	return security_ops->bprm_secureexec(bprm);
-- 
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ