author | Andrew Morton <akpm@osdl.org> | 2004-01-20 03:13:29 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@home.osdl.org> | 2004-01-20 03:13:29 -0800 |
commit | 3ba6fffc406b92307a1a84533e6c3ed8d0e5e26a (patch) | |
tree | d8df01e5a75ab91057b373682b269932f07253f1 /security | |
parent | 76ef5df33f02b6db0f67ca2cb78bde84145d47a0 (diff) | |
[PATCH] Default hooks protecting the XATTR_SECURITY_PREFIX namespace
From: Chris Wright <chrisw@osdl.org>
Add default hooks for both the dummy and capability code to protect the
XATTR_SECURITY_PREFIX namespace. These EAs were fully accessible to
unauthorized users, so a user that rebooted from an SELinux kernel to a
default kernel would leave those critical EAs unprotected.
(Acked by Stephen Smalley)
Diffstat (limited to 'security')
-rw-r--r-- | security/capability.c | 3 | ||||
-rw-r--r-- | security/commoncap.c | 22 | ||||
-rw-r--r-- | security/dummy.c | 9 |
3 files changed, 34 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c index 4680511771f7b..ba7daa4592dda 100644 --- a/security/capability.c +++ b/security/capability.c @@ -39,6 +39,9 @@ static struct security_operations capability_ops = { .bprm_set_security = cap_bprm_set_security, .bprm_secureexec = cap_bprm_secureexec, + .inode_setxattr = cap_inode_setxattr, + .inode_removexattr = cap_inode_removexattr, + .task_post_setuid = cap_task_post_setuid, .task_reparent_to_init = cap_task_reparent_to_init, diff --git a/security/commoncap.c b/security/commoncap.c index 79cc947761f14..355533d68b914 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -21,6 +21,7 @@ #include <linux/skbuff.h> #include <linux/netlink.h> #include <linux/ptrace.h> +#include <linux/xattr.h> int cap_capable (struct task_struct *tsk, int cap) { @@ -171,6 +172,25 @@ int cap_bprm_secureexec (struct linux_binprm *bprm) current->egid != current->gid); } +int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, + size_t size, int flags) +{ + if (!strncmp(name, XATTR_SECURITY_PREFIX, + sizeof(XATTR_SECURITY_PREFIX) - 1) && + !capable(CAP_SYS_ADMIN)) + return -EPERM; + return 0; +} + +int cap_inode_removexattr(struct dentry *dentry, char *name) +{ + if (!strncmp(name, XATTR_SECURITY_PREFIX, + sizeof(XATTR_SECURITY_PREFIX) - 1) && + !capable(CAP_SYS_ADMIN)) + return -EPERM; + return 0; +} + /* moved from kernel/sys.c. */ /* * cap_emulate_setxuid() fixes the effective / permitted capabilities of @@ -344,6 +364,8 @@ EXPORT_SYMBOL(cap_capset_set); EXPORT_SYMBOL(cap_bprm_set_security); EXPORT_SYMBOL(cap_bprm_compute_creds); EXPORT_SYMBOL(cap_bprm_secureexec); +EXPORT_SYMBOL(cap_inode_setxattr); +EXPORT_SYMBOL(cap_inode_removexattr); EXPORT_SYMBOL(cap_task_post_setuid); EXPORT_SYMBOL(cap_task_reparent_to_init); EXPORT_SYMBOL(cap_syslog); diff --git a/security/dummy.c b/security/dummy.c index 58ee41e25f961..b1bb80c459379 100644 --- a/security/dummy.c +++ b/security/dummy.c 
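Review bot: Only the write side is hooked in this capability.c hunk: `.inode_setxattr` and `.inode_removexattr` are added to capability_ops, and no getxattr or listxattr entry appears alongside them. Reading security.* attributes is therefore presumably still governed by whatever the filesystem and ordinary file permissions allow. That may well be intended, since labels are not normally secret, but a short comment above the two entries would record the decision, e.g. `/* security.* EAs: set/remove need CAP_SYS_ADMIN; reads are not restricted here */`. The initializer starts and ends outside the hunk, so its other entries cannot be checked from this page.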
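Review bot: The security.* prefix test combined with `capable(CAP_SYS_ADMIN)` is written out twice in the second commoncap.c hunk (cap_inode_setxattr, cap_inode_removexattr) and again in both dummy.c function hunks (dummy_inode_setxattr, dummy_inode_removexattr). Four hand-copied instances of an access-control check can drift apart when one of them is later tightened. Within commoncap.c a single static helper would keep the two hooks in step and gives one place for a comment explaining why the default modules guard this namespace. The sketch below keeps the prefix comparison ahead of capable(), so the capability is consulted only for security.* names, as in the committed code. dummy.c would need its own copy or a shared header, which this page does not show.

```c
/*
 * security.* EAs carry labels that belong to a security module.  When only
 * the default hooks are active, allow set/remove solely with CAP_SYS_ADMIN.
 */
static int cap_security_xattr_perm(const char *name)
{
	if (strncmp(name, XATTR_SECURITY_PREFIX,
		    sizeof(XATTR_SECURITY_PREFIX) - 1))
		return 0;
	return capable(CAP_SYS_ADMIN) ? 0 : -EPERM;
}

int cap_inode_setxattr(struct dentry *dentry, char *name, void *value,
		       size_t size, int flags)
{
	return cap_security_xattr_perm(name);
}

int cap_inode_removexattr(struct dentry *dentry, char *name)
{
	return cap_security_xattr_perm(name);
}

/* … unchanged: cap_emulate_setxuid() comment and the rest of the file … */
```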
@@ -24,6 +24,7 @@ #include <linux/skbuff.h> #include <linux/netlink.h> #include <net/sock.h> +#include <linux/xattr.h> static int dummy_ptrace (struct task_struct *parent, struct task_struct *child) { @@ -387,6 +388,10 @@ static void dummy_inode_delete (struct inode *ino) static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value, size_t size, int flags) { + if (!strncmp(name, XATTR_SECURITY_PREFIX, + sizeof(XATTR_SECURITY_PREFIX) - 1) && + !capable(CAP_SYS_ADMIN)) + return -EPERM; return 0; } @@ -407,6 +412,10 @@ static int dummy_inode_listxattr (struct dentry *dentry) static int dummy_inode_removexattr (struct dentry *dentry, char *name) { + if (!strncmp(name, XATTR_SECURITY_PREFIX, + sizeof(XATTR_SECURITY_PREFIX) - 1) && + !capable(CAP_SYS_ADMIN)) + return -EPERM; return 0; } |