Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (105 commits) SELinux: don't check permissions for kernel mounts security: pass mount flags to security_sb_kern_mount() SELinux: correctly detect proc filesystems of the form "proc/foo" Audit: Log TIOCSTI user namespaces: document CFS behavior user namespaces: require cap_set{ug}id for CLONE_NEWUSER user namespaces: let user_ns be cloned with fairsched CRED: fix sparse warnings User namespaces: use the current_user_ns() macro User namespaces: set of cleanups (v2) nfsctl: add headers for credentials coda: fix creds reference capabilities: define get_vfs_caps_from_disk when file caps are not enabled CRED: Allow kernel services to override LSM settings for task actions CRED: Add a kernel_service object class to SELinux CRED: Differentiate objective and effective subjective credentials on a task CRED: Documentation CRED: Use creds in file structs CRED: Prettify commoncap.c CRED: Make execve() take advantage of copy-on-write credentials ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-12-28 14:43:54 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-12-28 14:43:54 -0500
commit: bb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch)
tree: c7867af2bb4ff0feae889183efcd4d79b0f9a325 /drivers
parent: e14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff)
parent: cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff)
9 files changed, 96 insertions, 35 deletions
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 5c4ee70d5cf..fb06ed65921 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -936,8 +936,10 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
 {
        int err;
        struct loop_func_table *xfer;
+        uid_t uid = current_uid();
-        if (lo->lo_encrypt_key_size && lo->lo_key_owner != current->uid &&
+        if (lo->lo_encrypt_key_size &&
+            lo->lo_key_owner != uid &&
            !capable(CAP_SYS_ADMIN))
                return -EPERM;
        if (lo->lo_state != Lo_bound)
@@ -992,7 +994,7 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
        if (info->lo_encrypt_key_size) {
                memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
                       info->lo_encrypt_key_size);
-                lo->lo_key_owner = current->uid;
+                lo->lo_key_owner = uid;
        }       
        return 0;
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index 5787249934c..34ab6d798f8 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -67,6 +67,29 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf)
                tty_audit_buf_free(buf);
 }
+static void tty_audit_log(const char *description, struct task_struct *tsk,
+                          uid_t loginuid, unsigned sessionid, int major,
+                          int minor, unsigned char *data, size_t size)
+{
+        struct audit_buffer *ab;
+        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
+        if (ab) {
+                char name[sizeof(tsk->comm)];
+                uid_t uid = task_uid(tsk);
+                audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u "
+                                 "major=%d minor=%d comm=", description,
+                                 tsk->pid, uid, loginuid, sessionid,
+                                 major, minor);
+                get_task_comm(name, tsk);
+                audit_log_untrustedstring(ab, name);
+                audit_log_format(ab, " data=");
+                audit_log_n_hex(ab, data, size);
+                audit_log_end(ab);
+        }
+}
 /**
 *      tty_audit_buf_push      -       Push buffered data out
 *
@@ -77,25 +100,12 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
                               unsigned int sessionid,
                               struct tty_audit_buf *buf)
 {
-        struct audit_buffer *ab;
        if (buf->valid == 0)
                return;
        if (audit_enabled == 0)
                return;
-        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
+        tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor,
-        if (ab) {
+                      buf->data, buf->valid);
-                char name[sizeof(tsk->comm)];
-                audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u "
-                                 "major=%d minor=%d comm=", tsk->pid, tsk->uid,
-                                 loginuid, sessionid, buf->major, buf->minor);
-                get_task_comm(name, tsk);
-                audit_log_untrustedstring(ab, name);
-                audit_log_format(ab, " data=");
-                audit_log_n_hex(ab, buf->data, buf->valid);
-                audit_log_end(ab);
-        }
        buf->valid = 0;
 }
@@ -150,6 +160,42 @@ void tty_audit_fork(struct signal_struct *sig)
 }
 /**
+ *      tty_audit_tiocsti       -       Log TIOCSTI
+ */
+void tty_audit_tiocsti(struct tty_struct *tty, char ch)
+{
+        struct tty_audit_buf *buf;
+        int major, minor, should_audit;
+        spin_lock_irq(&current->sighand->siglock);
+        should_audit = current->signal->audit_tty;
+        buf = current->signal->tty_audit_buf;
+        if (buf)
+                atomic_inc(&buf->count);
+        spin_unlock_irq(&current->sighand->siglock);
+        major = tty->driver->major;
+        minor = tty->driver->minor_start + tty->index;
+        if (buf) {
+                mutex_lock(&buf->mutex);
+                if (buf->major == major && buf->minor == minor)
+                        tty_audit_buf_push_current(buf);
+                mutex_unlock(&buf->mutex);
+                tty_audit_buf_put(buf);
+        }
+        if (should_audit && audit_enabled) {
+                uid_t auid;
+                unsigned int sessionid;
+                auid = audit_get_loginuid(current);
+                sessionid = audit_get_sessionid(current);
+                tty_audit_log("ioctl=TIOCSTI", current, auid, sessionid, major,
+                              minor, &ch, 1);
+        }
+}
+/**
 *      tty_audit_push_task     -       Flush task's pending audit data
 */
 void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 1412a8d1e58..db15f9ba7c0 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -2018,6 +2018,7 @@ static int tiocsti(struct tty_struct *tty, char __user *p)
                return -EPERM;
        if (get_user(ch, p))
                return -EFAULT;
+        tty_audit_tiocsti(tty, ch);
        ld = tty_ldisc_ref_wait(tty);
        ld->ops->receive_buf(tty, &ch, &mbz, 1);
        tty_ldisc_deref(ld);
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index 5c9f67f98d1..c5afc98e267 100644
--- a/drivers/connector/cn_proc.c
+++ b/drivers/connector/cn_proc.c
@@ -106,6 +106,7 @@ void proc_id_connector(struct task_struct *task, int which_id)
        struct proc_event *ev;
        __u8 buffer[CN_PROC_MSG_SIZE];
        struct timespec ts;
+        const struct cred *cred;
        if (atomic_read(&proc_event_num_listeners) < 1)
                return;
@@ -115,14 +116,19 @@ void proc_id_connector(struct task_struct *task, int which_id)
        ev->what = which_id;
        ev->event_data.id.process_pid = task->pid;
        ev->event_data.id.process_tgid = task->tgid;
+        rcu_read_lock();
+        cred = __task_cred(task);
        if (which_id == PROC_EVENT_UID) {
-                ev->event_data.id.r.ruid = task->uid;
+                ev->event_data.id.r.ruid = cred->uid;
-                ev->event_data.id.e.euid = task->euid;
+                ev->event_data.id.e.euid = cred->euid;
        } else if (which_id == PROC_EVENT_GID) {
-                ev->event_data.id.r.rgid = task->gid;
+                ev->event_data.id.r.rgid = cred->gid;
-                ev->event_data.id.e.egid = task->egid;
+                ev->event_data.id.e.egid = cred->egid;
-        } else
+        } else {
+                rcu_read_unlock();
                return;
+        }
+        rcu_read_unlock();
        get_seq(&msg->seq, &ev->cpu);
        ktime_get_ts(&ts); /* get high res monotonic timestamp */
        put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
diff --git a/drivers/isdn/capi/capifs.c b/drivers/isdn/capi/capifs.c
index 550e80f390a..0aa66ec4cbd 100644
--- a/drivers/isdn/capi/capifs.c
+++ b/drivers/isdn/capi/capifs.c
@@ -156,8 +156,8 @@ void capifs_new_ncci(unsigned int number, dev_t device)
        if (!inode)
                return;
        inode->i_ino = number+2;
-        inode->i_uid = config.setuid ? config.uid : current->fsuid;
+        inode->i_uid = config.setuid ? config.uid : current_fsuid();
-        inode->i_gid = config.setgid ? config.gid : current->fsgid;
+        inode->i_gid = config.setgid ? config.gid : current_fsgid();
        inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
        init_special_inode(inode, S_IFCHR|config.mode, device);
        //inode->i_op = &capifs_file_inode_operations;
diff --git a/drivers/isdn/hysdn/hysdn_procconf.c b/drivers/isdn/hysdn/hysdn_procconf.c
index 484299b031f..8f9f4912de3 100644
--- a/drivers/isdn/hysdn/hysdn_procconf.c
+++ b/drivers/isdn/hysdn/hysdn_procconf.c
@@ -246,7 +246,8 @@ hysdn_conf_open(struct inode *ino, struct file *filep)
        }
        if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL))
                hysdn_addlog(card, "config open for uid=%d gid=%d mode=0x%x",
-                             filep->f_uid, filep->f_gid, filep->f_mode);
+                             filep->f_cred->fsuid, filep->f_cred->fsgid,
+                             filep->f_mode);
        if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) {
                /* write only access -> write boot file or conf line */
@@ -331,7 +332,8 @@ hysdn_conf_close(struct inode *ino, struct file *filep)
        }
        if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL))
                hysdn_addlog(card, "config close for uid=%d gid=%d mode=0x%x",
-                             filep->f_uid, filep->f_gid, filep->f_mode);
+                             filep->f_cred->fsuid, filep->f_cred->fsgid,
+                             filep->f_mode);
        if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) {
                /* write only access -> write boot file or conf line */
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 33b6d1b122f..55dc70c6b4d 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -702,6 +702,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
        struct tun_net *tn;
        struct tun_struct *tun;
        struct net_device *dev;
+        const struct cred *cred = current_cred();
        int err;
        tn = net_generic(net, tun_net_id);
@@ -712,11 +713,12 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
                /* Check permissions */
                if (((tun->owner != -1 &&
-                      current->euid != tun->owner) ||
+                      cred->euid != tun->owner) ||
                     (tun->group != -1 &&
-                      current->egid != tun->group)) &&
+                      cred->egid != tun->group)) &&
-                     !capable(CAP_NET_ADMIN))
+                    !capable(CAP_NET_ADMIN)) {
                        return -EPERM;
+                }
        }
        else if (__dev_get_by_name(net, ifr->ifr_name))
                return -EINVAL;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 2bccefebff1..aa79280df15 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -574,6 +574,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
 {
        struct usb_device *dev = NULL;
        struct dev_state *ps;
+        const struct cred *cred = current_cred();
        int ret;
        lock_kernel();
@@ -617,8 +618,8 @@ static int usbdev_open(struct inode *inode, struct file *file)
        init_waitqueue_head(&ps->wait);
        ps->discsignr = 0;
        ps->disc_pid = get_pid(task_pid(current));
-        ps->disc_uid = current->uid;
+        ps->disc_uid = cred->uid;
-        ps->disc_euid = current->euid;
+        ps->disc_euid = cred->euid;
        ps->disccontext = NULL;
        ps->ifclaimed = 0;
        security_task_getsecid(current, &ps->secid);
@@ -967,6 +968,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
        struct usb_host_endpoint *ep;
        struct async *as;
        struct usb_ctrlrequest *dr = NULL;
+        const struct cred *cred = current_cred();
        unsigned int u, totlen, isofrmlen;
        int ret, ifnum = -1;
        int is_in;
@@ -1174,8 +1176,8 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
        as->signr = uurb->signr;
        as->ifnum = ifnum;
        as->pid = get_pid(task_pid(current));
-        as->uid = current->uid;
+        as->uid = cred->uid;
-        as->euid = current->euid;
+        as->euid = cred->euid;
        security_task_getsecid(current, &as->secid);
        if (!is_in) {
                if (copy_from_user(as->urb->transfer_buffer, uurb->buffer,
diff --git a/drivers/usb/core/inode.c b/drivers/usb/core/inode.c
index 94632264dcc..185be760833 100644
--- a/drivers/usb/core/inode.c
+++ b/drivers/usb/core/inode.c
@@ -277,8 +277,8 @@ static struct inode *usbfs_get_inode (struct super_block *sb, int mode, dev_t de
        if (inode) {
                inode->i_mode = mode;
-                inode->i_uid = current->fsuid;
+                inode->i_uid = current_fsuid();
-                inode->i_gid = current->fsgid;
+                inode->i_gid = current_fsgid();
                inode->i_blocks = 0;
                inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
                switch (mode & S_IFMT) {
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-12-28 14:43:54 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-12-28 14:43:54 -0500
commit	bb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch)
tree	c7867af2bb4ff0feae889183efcd4d79b0f9a325 /drivers
parent	e14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff)
parent	cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff)