author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-03 11:50:52 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-03 11:50:52 -0400 |
commit | 0302e28dee643932ee7b3c112ebccdbb9f8ec32c (patch) | |
tree | 405d4cb3f772ef069ed7f291adc4b74a4e73346e /kernel/sys.c | |
parent | 89c9fea3c8034cdb2fd745f551cde0b507fd6893 (diff) | |
parent | 8979b02aaf1d6de8d52cc143aa4da961ed32e5a2 (diff) |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
IMA:
- provide ">" and "<" operators for fowner/uid/euid rules
KEYS:
- add a system blacklist keyring
- add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
functionality to userland via keyctl()
LSM:
- harden LSM API with __ro_after_init
- add prlimit security hook, implement for SELinux
- revive security_task_alloc hook
TPM:
- implement contextual TPM command 'spaces'"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
tpm: Fix reference count to main device
tpm_tis: convert to using locality callbacks
tpm: fix handling of the TPM 2.0 event logs
tpm_crb: remove a cruft constant
keys: select CONFIG_CRYPTO when selecting DH / KDF
apparmor: Make path_max parameter readonly
apparmor: fix parameters so that the permission test is bypassed at boot
apparmor: fix invalid reference to index variable of iterator line 836
apparmor: use SHASH_DESC_ON_STACK
security/apparmor/lsm.c: set debug messages
apparmor: fix boolreturn.cocci warnings
Smack: Use GFP_KERNEL for smk_netlbl_mls().
smack: fix double free in smack_parse_opts_str()
KEYS: add SP800-56A KDF support for DH
KEYS: Keyring asymmetric key restrict method with chaining
KEYS: Restrict asymmetric key linkage using a specific keychain
KEYS: Add a lookup_restriction function for the asymmetric key type
KEYS: Add KEYCTL_RESTRICT_KEYRING
KEYS: Consistent ordering for __key_link_begin and restrict check
KEYS: Add an optional lookup_restriction hook to key_type
...
Diffstat (limited to 'kernel/sys.c')
-rw-r--r-- | kernel/sys.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/kernel/sys.c b/kernel/sys.c index 7ff6d1b10cec..196c7134bee6 100644 --- a/kernel/sys.c +++ b/kernel/sys.c | |||
@@ -1432,25 +1432,26 @@ out: | |||
1432 | } | 1432 | } |
1433 | 1433 | ||
1434 | /* rcu lock must be held */ | 1434 | /* rcu lock must be held */ |
1435 | static int check_prlimit_permission(struct task_struct *task) | 1435 | static int check_prlimit_permission(struct task_struct *task, |
1436 | unsigned int flags) | ||
1436 | { | 1437 | { |
1437 | const struct cred *cred = current_cred(), *tcred; | 1438 | const struct cred *cred = current_cred(), *tcred; |
1439 | bool id_match; | ||
1438 | 1440 | ||
1439 | if (current == task) | 1441 | if (current == task) |
1440 | return 0; | 1442 | return 0; |
1441 | 1443 | ||
1442 | tcred = __task_cred(task); | 1444 | tcred = __task_cred(task); |
1443 | if (uid_eq(cred->uid, tcred->euid) && | 1445 | id_match = (uid_eq(cred->uid, tcred->euid) && |
1444 | uid_eq(cred->uid, tcred->suid) && | 1446 | uid_eq(cred->uid, tcred->suid) && |
1445 | uid_eq(cred->uid, tcred->uid) && | 1447 | uid_eq(cred->uid, tcred->uid) && |
1446 | gid_eq(cred->gid, tcred->egid) && | 1448 | gid_eq(cred->gid, tcred->egid) && |
1447 | gid_eq(cred->gid, tcred->sgid) && | 1449 | gid_eq(cred->gid, tcred->sgid) && |
1448 | gid_eq(cred->gid, tcred->gid)) | 1450 | gid_eq(cred->gid, tcred->gid)); |
1449 | return 0; | 1451 | if (!id_match && !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) |
1450 | if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) | 1452 | return -EPERM; |
1451 | return 0; | ||
1452 | 1453 | ||
1453 | return -EPERM; | 1454 | return security_task_prlimit(cred, tcred, flags); |
1454 | } | 1455 | } |
1455 | 1456 | ||
1456 | SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource, | 1457 | SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource, |
@@ -1460,12 +1461,17 @@ SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource, | |||
1460 | struct rlimit64 old64, new64; | 1461 | struct rlimit64 old64, new64; |
1461 | struct rlimit old, new; | 1462 | struct rlimit old, new; |
1462 | struct task_struct *tsk; | 1463 | struct task_struct *tsk; |
1464 | unsigned int checkflags = 0; | ||
1463 | int ret; | 1465 | int ret; |
1464 | 1466 | ||
1467 | if (old_rlim) | ||
1468 | checkflags |= LSM_PRLIMIT_READ; | ||
1469 | |||
1465 | if (new_rlim) { | 1470 | if (new_rlim) { |
1466 | if (copy_from_user(&new64, new_rlim, sizeof(new64))) | 1471 | if (copy_from_user(&new64, new_rlim, sizeof(new64))) |
1467 | return -EFAULT; | 1472 | return -EFAULT; |
1468 | rlim64_to_rlim(&new64, &new); | 1473 | rlim64_to_rlim(&new64, &new); |
1474 | checkflags |= LSM_PRLIMIT_WRITE; | ||
1469 | } | 1475 | } |
1470 | 1476 | ||
1471 | rcu_read_lock(); | 1477 | rcu_read_lock(); |
@@ -1474,7 +1480,7 @@ SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource, | |||
1474 | rcu_read_unlock(); | 1480 | rcu_read_unlock(); |
1475 | return -ESRCH; | 1481 | return -ESRCH; |
1476 | } | 1482 | } |
1477 | ret = check_prlimit_permission(tsk); | 1483 | ret = check_prlimit_permission(tsk, checkflags); |
1478 | if (ret) { | 1484 | if (ret) { |
1479 | rcu_read_unlock(); | 1485 | rcu_read_unlock(); |
1480 | return ret; | 1486 | return ret; |
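Review bot: The comment above check_prlimit_permission() was left as `/* rcu lock must be held */` although the function now ends in `return security_task_prlimit(cred, tcred, flags);`, so the LSM hook runs inside the caller's rcu_read_lock() section and its implementations must not block; that constraint and the new parameter deserve a line in the comment. Two further behaviours are worth documenting there because a policy author could miss them: the `current == task` early return means the hook is never consulted for a task changing its own limits, and `checkflags` stays 0 when prlimit64 is called with both old_rlim and new_rlim NULL, so the hook can be invoked with neither the READ nor the WRITE bit set. Suggested wording: `/* rcu lock must be held; the LSM hook runs under it and must not sleep. flags: LSM_PRLIMIT_READ and/or LSM_PRLIMIT_WRITE, may be 0. Hook is skipped when task == current. */`. The body of prlimit64 starts and ends outside the hunks shown, so how the returned value is handled on later paths cannot be confirmed from this page.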