Re: [PATCH] Smack: domain transition protections (v3)
From: Casey Schaufler
Date: Fri Oct 07 2011 - 15:02:29 EST
On 10/3/2011 11:29 PM, Jarkko Sakkinen wrote:
> Protections for domain transition:
>
> - BPRM unsafe flags
> - Secureexec
> - Clear unsafe personality bits.
> - Clear parent death signal
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxx>
Applied after minor merge conflict to
git://gitorious.org/smack-next/kernel.git
> ---
> security/smack/smack_lsm.c | 59 +++++++++++++++++++++++++++++++++++--------
> 1 files changed, 48 insertions(+), 11 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 2e71c3f..f1ef41c 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -5,12 +5,13 @@
> *
> * Authors:
> * Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> - * Jarkko Sakkinen <ext-jarkko.2.sakkinen@xxxxxxxxx>
> + * Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxx>
> *
> * Copyright (C) 2007 Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
> * Paul Moore <paul@xxxxxxxxxxxxxx>
> * Copyright (C) 2010 Nokia Corporation
> + * Copyright (C) 2011 Intel Corporation.
> *
> * This program is free software; you can redistribute it and/or modify
> * it under the terms of the GNU General Public License version 2,
> @@ -441,11 +442,17 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
> * BPRM hooks
> */
>
> +/**
> + * smack_bprm_set_creds - Smack exec that handles the domain transfer.
> + * @bprm: binprm for exec
> + *
> + * Returns 0 on success.
> + */
> static int smack_bprm_set_creds(struct linux_binprm *bprm)
> {
> - struct task_smack *tsp = bprm->cred->security;
> + struct inode *inode = bprm->file->f_path.dentry->d_inode;
> + struct task_smack *bsp = bprm->cred->security;
> struct inode_smack *isp;
> - struct dentry *dp;
> int rc;
>
> rc = cap_bprm_set_creds(bprm);
> @@ -455,20 +462,48 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
> if (bprm->cred_prepared)
> return 0;
>
> - if (bprm->file == NULL || bprm->file->f_dentry == NULL)
> + isp = inode->i_security;
> + if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
> return 0;
>
> - dp = bprm->file->f_dentry;
> + if (bprm->unsafe)
> + return -EPERM;
> +
> + bsp->smk_task = isp->smk_task;
> + bprm->per_clear |= PER_CLEAR_ON_SETID;
>
> - if (dp->d_inode == NULL)
> - return 0;
> + return 0;
> +}
>
> - isp = dp->d_inode->i_security;
> +/**
> + * smack_bprm_committing_creds - Prepare to install the new credentials
> + * from bprm.
> + *
> + * @bprm: binprm for exec
> + */
> +static void smack_bprm_committing_creds(struct linux_binprm *bprm)
> +{
> + struct task_smack *bsp = bprm->cred->security;
>
> - if (isp->smk_task != NULL)
> - tsp->smk_task = isp->smk_task;
> + if (bsp->smk_task != bsp->smk_forked)
> + current->pdeath_signal = 0;
> +}
>
> - return 0;
> +/**
> + * smack_bprm_secureexec - Return the decision to use secureexec.
> + * @bprm: binprm for exec
> + *
> + * Returns 0 on success.
> + */
> +static int smack_bprm_secureexec(struct linux_binprm *bprm)
> +{
> + struct task_smack *tsp = current_security();
> + int ret = cap_bprm_secureexec(bprm);
> +
> + if (!ret && (tsp->smk_task != tsp->smk_forked))
> + ret = 1;
> +
> + return ret;
> }
>
> /*
> @@ -3452,6 +3487,8 @@ struct security_operations smack_ops = {
> .sb_umount = smack_sb_umount,
>
> .bprm_set_creds = smack_bprm_set_creds,
> + .bprm_committing_creds = smack_bprm_committing_creds,
> + .bprm_secureexec = smack_bprm_secureexec,
>
> .inode_alloc_security = smack_inode_alloc_security,
> .inode_free_security = smack_inode_free_security,
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/