Re: [PATCH 1/1] security: introduce fs caps
From: Bill O'Donnell
Date: Thu Nov 09 2006 - 09:47:50 EST
On Thu, Nov 09, 2006 at 10:33:49AM +0100, Chris Friedhoff wrote:
| Page http://www.friedhoff.org/fscaps.html updated ...
| Kernel 2.6.18.2 updated ...
| System keeps on humming ...
| Is anyone else using/testing the patch? Please give feedback ...
| Thanks ...
I am just starting to test it out. I'll let you know how it goes.
Thanks!
Bill
|
| Chris
|
|
| On Thu, 9 Nov 2006 00:10:21 -0600
| "Serge E. Hallyn" <serue@xxxxxxxxxx> wrote:
|
| > Sorry, I should have noticed and fixed this much sooner. This
| > patch is against the latest full fscaps patch which I'm replying
| > to.
| >
| > From: Serge E. Hallyn <serue@xxxxxxxxxx>
| > Date: Thu, 9 Nov 2006 00:01:49 -0600
| > Subject: security: file caps: fix unused variable warnings
| >
| > Address warnings of unused variables at cap_bprm_set_security
| > when file capabilities are disabled, and simultaneously clean
| > up the code a little, by pulling the new code into a helper
| > function.
| >
| > Rename vfs_cap_data_struct to remove redundant '_struct'.
| >
| > Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
| > ---
| > security/commoncap.c | 73 ++++++++++++++++++++++++++++----------------------
| > 1 files changed, 41 insertions(+), 32 deletions(-)
| >
| > diff --git a/security/commoncap.c b/security/commoncap.c
| > index 6f5e46c..4b50b4d 100644
| > --- a/security/commoncap.c
| > +++ b/security/commoncap.c
| > @@ -109,16 +109,17 @@ void cap_capset_set (struct task_struct
| > target->cap_permitted = *permitted;
| > }
| >
| > +#ifdef CONFIG_SECURITY_FS_CAPABILITIES
| > #define XATTR_CAPS_SUFFIX "capability"
| > #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
| > -struct vfs_cap_data_struct {
| > +struct vfs_cap_data {
| > __u32 version;
| > __u32 effective;
| > __u32 permitted;
| > __u32 inheritable;
| > };
| >
| > -static inline void convert_to_le(struct vfs_cap_data_struct *cap)
| > +static inline void convert_to_le(struct vfs_cap_data *cap)
| > {
| > cap->version = le32_to_cpu(cap->version);
| > cap->effective = le32_to_cpu(cap->effective);
| > @@ -126,7 +127,7 @@ static inline void convert_to_le(struct
| > cap->inheritable = le32_to_cpu(cap->inheritable);
| > }
| >
| > -static int check_cap_sanity(struct vfs_cap_data_struct *cap)
| > +static int check_cap_sanity(struct vfs_cap_data *cap)
| > {
| > int i;
| >
| > @@ -149,39 +150,14 @@ static int check_cap_sanity(struct vfs_c
| > return 0;
| > }
| >
| > -int cap_bprm_set_security (struct linux_binprm *bprm)
| > +/* Locate any VFS capabilities: */
| > +static int set_file_caps(struct linux_binprm *bprm)
| > {
| > struct dentry *dentry;
| > ssize_t rc;
| > - struct vfs_cap_data_struct cap_struct;
| > + struct vfs_cap_data cap_struct;
| > struct inode *inode;
| >
| > - /* Copied from fs/exec.c:prepare_binprm. */
| > -
| > - cap_clear (bprm->cap_inheritable);
| > - cap_clear (bprm->cap_permitted);
| > - cap_clear (bprm->cap_effective);
| > -
| > - /* To support inheritance of root-permissions and suid-root
| > - * executables under compatibility mode, we raise all three
| > - * capability sets for the file.
| > - *
| > - * If only the real uid is 0, we only raise the inheritable
| > - * and permitted sets of the executable file.
| > - */
| > -
| > - if (!issecure (SECURE_NOROOT)) {
| > - if (bprm->e_uid == 0 || current->uid == 0) {
| > - cap_set_full (bprm->cap_inheritable);
| > - cap_set_full (bprm->cap_permitted);
| > - }
| > - if (bprm->e_uid == 0)
| > - cap_set_full (bprm->cap_effective);
| > - }
| > -
| > -#ifdef CONFIG_SECURITY_FS_CAPABILITIES
| > - /* Locate any VFS capabilities: */
| > -
| > dentry = dget(bprm->file->f_dentry);
| > inode = dentry->d_inode;
| > if (!inode->i_op || !inode->i_op->getxattr) {
| > @@ -216,9 +192,42 @@ #ifdef CONFIG_SECURITY_FS_CAPABILITIES
| > bprm->cap_permitted = cap_struct.permitted;
| > bprm->cap_inheritable = cap_struct.inheritable;
| >
| > -#endif
| > return 0;
| > }
| > +#else
| > +static int set_file_caps(struct linux_binprm *bprm)
| > +{
| > + return 0;
| > +}
| > +#endif
| > +
| > +int cap_bprm_set_security (struct linux_binprm *bprm)
| > +{
| > + /* Copied from fs/exec.c:prepare_binprm. */
| > +
| > + cap_clear (bprm->cap_inheritable);
| > + cap_clear (bprm->cap_permitted);
| > + cap_clear (bprm->cap_effective);
| > +
| > + /* To support inheritance of root-permissions and suid-root
| > + * executables under compatibility mode, we raise all three
| > + * capability sets for the file.
| > + *
| > + * If only the real uid is 0, we only raise the inheritable
| > + * and permitted sets of the executable file.
| > + */
| > +
| > + if (!issecure (SECURE_NOROOT)) {
| > + if (bprm->e_uid == 0 || current->uid == 0) {
| > + cap_set_full (bprm->cap_inheritable);
| > + cap_set_full (bprm->cap_permitted);
| > + }
| > + if (bprm->e_uid == 0)
| > + cap_set_full (bprm->cap_effective);
| > + }
| > +
| > + return set_file_caps(bprm);
| > +}
| >
| > void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
| > {
| > --
| > 1.4.1
| >
|
|
| --------------------
| Chris Friedhoff
| chris@xxxxxxxxxxxxx
| -
| To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
| the body of a message to majordomo@xxxxxxxxxxxxxxx
| More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Bill O'Donnell
SGI
651.683.3079
billodo@xxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/