| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5500967A.3040203@tycho.nsa.gov>
Date: Wed, 11 Mar 2015 15:24:42 -0400
From: Stephen Smalley <sds@...ho.nsa.gov>
To: Casey Schaufler <casey@...aufler-ca.com>,
James Morris <jmorris@...ei.org>,
James Morris <james.l.morris@...cle.com>,
LSM <linux-security-module@...r.kernel.org>,
LKLM <linux-kernel@...r.kernel.org>
CC: Paul Moore <pmoore@...hat.com>,
John Johansen <john.johansen@...onical.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
Eric Paris <eparis@...hat.com>,
Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH 6/7 v21] LSM: Switch to lists of hooks
On 03/11/2015 02:47 PM, Casey Schaufler wrote:
> On 3/11/2015 9:42 AM, Stephen Smalley wrote:
>> On 03/09/2015 09:20 PM, Casey Schaufler wrote:
>>> Subject: [PATCH 6/7 v21] LSM: Switch to lists of hooks
>>>
>>> Instead of using a vector of security operations
>>> with explicit, special case stacking of the capability
>>> and yama hooks use lists of hooks with capability and
>>> yama hooks included as appropriate.
>>>
>>> The security_operations structure is no longer required.
>>> Instead, there is a union of the function pointers that
>>> allows all the hooks lists to use a common mechanism for
>>> list management while retaining typing. Each module
>>> supplies an array describing the hooks it provides instead
>>> of a sparsely populated security_operations structure.
>>> The description includes the element that gets put on
>>> the hook list, avoiding the issues surrounding individual
>>> element allocation.
>>>
>>> The method for registering security modules is changed to
>>> reflect the information available. The method for removing
>>> a module, currently only used by SELinux, has also changed.
>>> It should be generic now, however if there are potential
>>> race conditions based on ordering of hook removal that needs
>>> to be addressed by the calling module.
>>>
>>> The security hooks are called from the lists and the first
>>> failure is returned.
>>>
>>> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
>>>
>>> ---
>>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>>> index 0c45f08..3fd8610 100644
>>> --- a/security/selinux/hooks.c
>>> +++ b/security/selinux/hooks.c
>>> @@ -2008,24 +2002,12 @@ static int selinux_ptrace_access_check(struct task_struct *child,
>>>
>>> static int selinux_ptrace_traceme(struct task_struct *parent)
>>> {
>>> - int rc;
>>> -
>>> - rc = cap_ptrace_traceme(parent);
>>> - if (rc)
>>> - return rc;
>>> -
>>> return task_has_perm(parent, current, PROCESS__PTRACE);
>>> }
>>>
>>> static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
>>> kernel_cap_t *inheritable, kernel_cap_t *permitted)
>>> {
>>> - int error;
>>> -
>>> - error = current_has_perm(target, PROCESS__GETCAP);
>>> - if (error)
>>> - return error;
>>> -
>>> return cap_capget(target, effective, inheritable, permitted);
>> Deleted the wrong code here.
>>
>>> }
>> And failed to delete the cap_capset() call from selinux_capset(), and
>> the cap_capable() call from selinux_capable(), so we're calling that
>> code twice after the patch.
>
> So I see. It was right in v19, but wrong in v20. I'll have an update quickly.
Also looks like there is a residual cap_bprm_secureexec() call in
security/apparmor/domain.c.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists