diff options
author | Jarkko Sakkinen <jarkko.sakkinen@intel.com> | 2011-10-07 02:27:53 -0400 |
---|---|---|
committer | Casey Schaufler <cschaufler@cschaufler-intel.(none)> | 2011-10-12 17:28:15 -0400 |
commit | 84088ba239293abb24260c6c36d86e8775b6707f (patch) | |
tree | 7a8936d22156d108241725fae705979316fc6350 | |
parent | 975d5e55c2e78b755bd0b92b71db1c241c5a2665 (diff) |
Smack: domain transition protections (v3)
Protections for domain transition:
- BPRM unsafe flags
- Secureexec
- Clear unsafe personality bits.
- Clear parent death signal
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
-rw-r--r-- | security/smack/smack_lsm.c | 53 |
1 files changed, 42 insertions, 11 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index dab8af17ef3..d55b991268d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -5,12 +5,13 @@ | |||
5 | * | 5 | * |
6 | * Authors: | 6 | * Authors: |
7 | * Casey Schaufler <casey@schaufler-ca.com> | 7 | * Casey Schaufler <casey@schaufler-ca.com> |
8 | * Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com> | 8 | * Jarkko Sakkinen <jarkko.sakkinen@intel.com> |
9 | * | 9 | * |
10 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> | 10 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> |
11 | * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. | 11 | * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. |
12 | * Paul Moore <paul@paul-moore.com> | 12 | * Paul Moore <paul@paul-moore.com> |
13 | * Copyright (C) 2010 Nokia Corporation | 13 | * Copyright (C) 2010 Nokia Corporation |
14 | * Copyright (C) 2011 Intel Corporation. | ||
14 | * | 15 | * |
15 | * This program is free software; you can redistribute it and/or modify | 16 | * This program is free software; you can redistribute it and/or modify |
16 | * it under the terms of the GNU General Public License version 2, | 17 | * it under the terms of the GNU General Public License version 2, |
@@ -449,9 +450,9 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
449 | */ | 450 | */ |
450 | static int smack_bprm_set_creds(struct linux_binprm *bprm) | 451 | static int smack_bprm_set_creds(struct linux_binprm *bprm) |
451 | { | 452 | { |
452 | struct task_smack *tsp = bprm->cred->security; | 453 | struct inode *inode = bprm->file->f_path.dentry->d_inode; |
454 | struct task_smack *bsp = bprm->cred->security; | ||
453 | struct inode_smack *isp; | 455 | struct inode_smack *isp; |
454 | struct dentry *dp; | ||
455 | int rc; | 456 | int rc; |
456 | 457 | ||
457 | rc = cap_bprm_set_creds(bprm); | 458 | rc = cap_bprm_set_creds(bprm); |
@@ -461,20 +462,48 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm) | |||
461 | if (bprm->cred_prepared) | 462 | if (bprm->cred_prepared) |
462 | return 0; | 463 | return 0; |
463 | 464 | ||
464 | if (bprm->file == NULL || bprm->file->f_dentry == NULL) | 465 | isp = inode->i_security; |
466 | if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) | ||
465 | return 0; | 467 | return 0; |
466 | 468 | ||
467 | dp = bprm->file->f_dentry; | 469 | if (bprm->unsafe) |
470 | return -EPERM; | ||
468 | 471 | ||
469 | if (dp->d_inode == NULL) | 472 | bsp->smk_task = isp->smk_task; |
470 | return 0; | 473 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
471 | 474 | ||
472 | isp = dp->d_inode->i_security; | 475 | return 0; |
476 | } | ||
473 | 477 | ||
474 | if (isp->smk_task != NULL) | 478 | /** |
475 | tsp->smk_task = isp->smk_task; | 479 | * smack_bprm_committing_creds - Prepare to install the new credentials |
480 | * from bprm. | ||
481 | * | ||
482 | * @bprm: binprm for exec | ||
483 | */ | ||
484 | static void smack_bprm_committing_creds(struct linux_binprm *bprm) | ||
485 | { | ||
486 | struct task_smack *bsp = bprm->cred->security; | ||
476 | 487 | ||
477 | return 0; | 488 | if (bsp->smk_task != bsp->smk_forked) |
489 | current->pdeath_signal = 0; | ||
490 | } | ||
491 | |||
492 | /** | ||
493 | * smack_bprm_secureexec - Return the decision to use secureexec. | ||
494 | * @bprm: binprm for exec | ||
495 | * | ||
496 | * Returns 0 on success. | ||
497 | */ | ||
498 | static int smack_bprm_secureexec(struct linux_binprm *bprm) | ||
499 | { | ||
500 | struct task_smack *tsp = current_security(); | ||
501 | int ret = cap_bprm_secureexec(bprm); | ||
502 | |||
503 | if (!ret && (tsp->smk_task != tsp->smk_forked)) | ||
504 | ret = 1; | ||
505 | |||
506 | return ret; | ||
478 | } | 507 | } |
479 | 508 | ||
480 | /* | 509 | /* |
@@ -3467,6 +3496,8 @@ struct security_operations smack_ops = { | |||
3467 | .sb_umount = smack_sb_umount, | 3496 | .sb_umount = smack_sb_umount, |
3468 | 3497 | ||
3469 | .bprm_set_creds = smack_bprm_set_creds, | 3498 | .bprm_set_creds = smack_bprm_set_creds, |
3499 | .bprm_committing_creds = smack_bprm_committing_creds, | ||
3500 | .bprm_secureexec = smack_bprm_secureexec, | ||
3470 | 3501 | ||
3471 | .inode_alloc_security = smack_inode_alloc_security, | 3502 | .inode_alloc_security = smack_inode_alloc_security, |
3472 | .inode_free_security = smack_inode_free_security, | 3503 | .inode_free_security = smack_inode_free_security, |