diff options
author | Serge Hallyn <serue@us.ibm.com> | 2005-01-04 05:09:53 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-01-04 05:09:53 -0800 |
commit | 2cf17bf6b5857ff2216931f4850cdd33ca2aab11 (patch) | |
tree | dc137698b5f885c32ec0dc6a4242ed33d9890f07 /kernel | |
parent | aa6b00059c4b523d79ef6ef247a62f9e2c623436 (diff) | |
download | history-2cf17bf6b5857ff2216931f4850cdd33ca2aab11.tar.gz |
[PATCH] properly split capset_check+capset_set
The attached patch removes checks from kernel/capability.c which are
redundant with cap_capset_check() code, and moves the capset_check() calls
to immediately before the capset_set() calls. This allows capset_check()
to accurately check the setter's permission to set caps on the target.
Please apply.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/capability.c | 63 |
1 files changed, 38 insertions, 25 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 7800a5066c0fa1..5dbadb36477f01 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -85,34 +85,60 @@ out: * cap_set_pg - set capabilities for all processes in a given process * group. We call this holding task_capability_lock and tasklist_lock. */ -static inline void cap_set_pg(int pgrp, kernel_cap_t *effective, +static inline int cap_set_pg(int pgrp, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted) { task_t *g, *target; + int ret = -EPERM; + int found = 0; do_each_task_pid(pgrp, PIDTYPE_PGID, g) { target = g; - while_each_thread(g, target) - security_capset_set(target, effective, inheritable, permitted); + while_each_thread(g, target) { + if (!security_capset_check(target, effective, + inheritable, + permitted)) { + security_capset_set(target, effective, + inheritable, + permitted); + ret = 0; + } + found = 1; + } } while_each_task_pid(pgrp, PIDTYPE_PGID, g); + + if (!found) + ret = 0; + return ret; } /* * cap_set_all - set capabilities for all processes other than init * and self. We call this holding task_capability_lock and tasklist_lock. */ -static inline void cap_set_all(kernel_cap_t *effective, +static inline int cap_set_all(kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted) { task_t *g, *target; + int ret = -EPERM; + int found = 0; do_each_thread(g, target) { if (target == current || target->pid == 1) continue; + found = 1; + if (security_capset_check(target, effective, inheritable, + permitted)) + continue; + ret = 0; security_capset_set(target, effective, inheritable, permitted); } while_each_thread(g, target); + + if (!found) + ret = 0; + return ret; } /* @@ -167,36 +193,23 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) } else target = current; - ret = -EPERM; - - if (security_capset_check(target, &effective, &inheritable, &permitted)) - goto out; - - if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable, - current->cap_permitted))) - goto out; - - /* verify restrictions on target's new Permitted set */ - if (!cap_issubset(permitted, cap_combine(target->cap_permitted, - current->cap_permitted))) - goto out; - - /* verify the _new_Effective_ is a subset of the _new_Permitted_ */ - if (!cap_issubset(effective, permitted)) - goto out; - ret = 0; /* having verified that the proposed changes are legal, we now put them into effect. */ if (pid < 0) { if (pid == -1) /* all procs other than current and init */ - cap_set_all(&effective, &inheritable, &permitted); + ret = cap_set_all(&effective, &inheritable, &permitted); else /* all procs in process group */ - cap_set_pg(-pid, &effective, &inheritable, &permitted); + ret = cap_set_pg(-pid, &effective, &inheritable, + &permitted); } else { - security_capset_set(target, &effective, &inheritable, &permitted); + ret = security_capset_check(target, &effective, &inheritable, + &permitted); + if (!ret) + security_capset_set(target, &effective, &inheritable, + &permitted); } out: |