aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLorenzo Hernández García-Hierro <lorenzo@gnu.org>2005-06-25 17:54:35 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-06-25 19:24:26 -0400
commit09ffd94fb15d85fbf9eebb8180f50264b264d6fe (patch)
tree688a5b60f9718a56a5d4386ef10596e77fb65b7b
parent6b9921976f0861e04828b3aff66696c1f3fd900d (diff)
[PATCH] selinux: add executable heap check
This patch,based on sample code by Roland McGrath, adds an execheap permission check that controls the ability to make the heap executable so that this can be prevented in almost all cases (the X server is presently an exception, but this will hopefully be resolved in the future) so that even programs with execmem permission will need to have the anonymous memory mapped in order to make it executable. The only reason that we use a permission check for such restriction (vs. making it unconditional) is that the X module loader presently needs it; it could possibly be made unconditional in the future when X is changed. The policy patch for the execheap permission is available at: http://pearls.tuxedo-es.org/patches/selinux/policy-execheap.patch Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> Acked-by: James Morris <jmorris@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/hooks.c11
-rw-r--r--security/selinux/include/av_perm_to_string.h1
-rw-r--r--security/selinux/include/av_permissions.h1
3 files changed, 13 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ad725213f568..932eef18db33 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2477,6 +2477,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
2477 prot = reqprot; 2477 prot = reqprot;
2478 2478
2479#ifndef CONFIG_PPC32 2479#ifndef CONFIG_PPC32
2480 if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
2481 (vma->vm_start >= vma->vm_mm->start_brk &&
2482 vma->vm_end <= vma->vm_mm->brk)) {
2483 /*
2484 * We are making an executable mapping in the brk region.
2485 * This has an additional execheap check.
2486 */
2487 rc = task_has_perm(current, current, PROCESS__EXECHEAP);
2488 if (rc)
2489 return rc;
2490 }
2480 if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) { 2491 if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
2481 /* 2492 /*
2482 * We are making executable a file mapping that has 2493 * We are making executable a file mapping that has
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index e81f0226c37d..1deb59e1b762 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -71,6 +71,7 @@
71 S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") 71 S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
72 S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") 72 S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
73 S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") 73 S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
74 S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
74 S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") 75 S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
75 S_(SECCLASS_MSG, MSG__SEND, "send") 76 S_(SECCLASS_MSG, MSG__SEND, "send")
76 S_(SECCLASS_MSG, MSG__RECEIVE, "receive") 77 S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index 38ce18b33284..a78b5d59c9fc 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -466,6 +466,7 @@
466#define PROCESS__SETCURRENT 0x01000000UL 466#define PROCESS__SETCURRENT 0x01000000UL
467#define PROCESS__EXECMEM 0x02000000UL 467#define PROCESS__EXECMEM 0x02000000UL
468#define PROCESS__EXECSTACK 0x04000000UL 468#define PROCESS__EXECSTACK 0x04000000UL
469#define PROCESS__EXECHEAP 0x08000000UL
469 470
470#define IPC__CREATE 0x00000001UL 471#define IPC__CREATE 0x00000001UL
471#define IPC__DESTROY 0x00000002UL 472#define IPC__DESTROY 0x00000002UL