lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 20 Jun 2022 11:15:05 -0700
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Micah Morton <mortonm@...omium.org>,
        linux-security-module@...r.kernel.org
Cc:     keescook@...omium.org, jmorris@...ei.org, serge@...lyn.com,
        linux-kernel@...r.kernel.org,
        Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH 1/3] security: Add LSM hook to setgroups() syscall

On 6/16/2022 10:18 AM, Micah Morton wrote:
> Give the LSM framework the ability to filter setgroups() syscalls. There
> are already analagous hooks for the set*uid() and set*gid() syscalls.
> The SafeSetID LSM will use this new hook to ensure setgroups() calls are
> allowed by the installed security policy. Tested by putting print
> statement in security_task_fix_setgroups() hook and confirming that it
> gets hit when userspace does a setgroups() syscall.
>
> Signed-off-by: Micah Morton <mortonm@...omium.org>

I don't see any problems with this.
Acked-by: Casey Schaufler <casey@...aufler-ca.com>

> ---
>   include/linux/lsm_hook_defs.h |  1 +
>   include/linux/lsm_hooks.h     |  7 +++++++
>   include/linux/security.h      |  7 +++++++
>   kernel/groups.c               | 13 +++++++++++++
>   security/security.c           |  5 +++++
>   5 files changed, 33 insertions(+)
>
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index eafa1d2489fd..806448173033 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -201,6 +201,7 @@ LSM_HOOK(int, 0, task_fix_setuid, struct cred *new, const struct cred *old,
>   	 int flags)
>   LSM_HOOK(int, 0, task_fix_setgid, struct cred *new, const struct cred * old,
>   	 int flags)
> +LSM_HOOK(int, 0, task_fix_setgroups, struct cred *new, const struct cred * old)
>   LSM_HOOK(int, 0, task_setpgid, struct task_struct *p, pid_t pgid)
>   LSM_HOOK(int, 0, task_getpgid, struct task_struct *p)
>   LSM_HOOK(int, 0, task_getsid, struct task_struct *p)
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 91c8146649f5..84a0d7e02176 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -702,6 +702,13 @@
>    *	@old is the set of credentials that are being replaced.
>    *	@flags contains one of the LSM_SETID_* values.
>    *	Return 0 on success.
> + * @task_fix_setgroups:
> + *	Update the module's state after setting the supplementary group
> + *	identity attributes of the current process.
> + *	@new is the set of credentials that will be installed.  Modifications
> + *	should be made to this rather than to @current->cred.
> + *	@old is the set of credentials that are being replaced.
> + *	Return 0 on success.
>    * @task_setpgid:
>    *	Check permission before setting the process group identifier of the
>    *	process @p to @pgid.
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 7fc4e9f49f54..1dfd32c49fa3 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -415,6 +415,7 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old,
>   			     int flags);
>   int security_task_fix_setgid(struct cred *new, const struct cred *old,
>   			     int flags);
> +int security_task_fix_setgroups(struct cred *new, const struct cred *old);
>   int security_task_setpgid(struct task_struct *p, pid_t pgid);
>   int security_task_getpgid(struct task_struct *p);
>   int security_task_getsid(struct task_struct *p);
> @@ -1098,6 +1099,12 @@ static inline int security_task_fix_setgid(struct cred *new,
>   	return 0;
>   }
>   
> +static inline int security_task_fix_setgroups(struct cred *new,
> +					   const struct cred *old)
> +{
> +	return 0;
> +}
> +
>   static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
>   {
>   	return 0;
> diff --git a/kernel/groups.c b/kernel/groups.c
> index 787b381c7c00..9aaed2a31073 100644
> --- a/kernel/groups.c
> +++ b/kernel/groups.c
> @@ -134,13 +134,26 @@ EXPORT_SYMBOL(set_groups);
>   int set_current_groups(struct group_info *group_info)
>   {
>   	struct cred *new;
> +	const struct cred *old;
> +	int retval;
>   
>   	new = prepare_creds();
>   	if (!new)
>   		return -ENOMEM;
>   
> +	old = current_cred();
> +
>   	set_groups(new, group_info);
> +
> +	retval = security_task_fix_setgroups(new, old);
> +	if (retval < 0)
> +		goto error;
> +
>   	return commit_creds(new);
> +
> +error:
> +	abort_creds(new);
> +	return retval;
>   }
>   
>   EXPORT_SYMBOL(set_current_groups);
> diff --git a/security/security.c b/security/security.c
> index 188b8f782220..15c686145ad6 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1803,6 +1803,11 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old,
>   	return call_int_hook(task_fix_setgid, 0, new, old, flags);
>   }
>   
> +int security_task_fix_setgroups(struct cred *new, const struct cred *old)
> +{
> +	return call_int_hook(task_fix_setgroups, 0, new, old);
> +}
> +
>   int security_task_setpgid(struct task_struct *p, pid_t pgid)
>   {
>   	return call_int_hook(task_setpgid, 0, p, pgid);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ