aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2011-04-01 17:07:50 -0400
committerJames Morris <jmorris@namei.org>2011-04-03 20:31:04 -0400
commit17f60a7da150fdd0cfb9756f86a262daa72c835f (patch)
tree1c5ece75d66bed0766de861cde6eb18ee7ea4cf2 /include
parentcfc64fd91fabed099a4c3df58559f4b7efe9bcce (diff)
capabilites: allow the application of capability limits to usermode helpers
There is no way to limit the capabilities of usermodehelpers. This problem reared its head recently when someone complained that any user with cap_net_admin was able to load arbitrary kernel modules, even though the user didn't have cap_sys_module. The reason is because the actual load is done by a usermode helper and those always have the full cap set. This patch addes new sysctls which allow us to bound the permissions of usermode helpers. /proc/sys/kernel/usermodehelper/bset /proc/sys/kernel/usermodehelper/inheritable You must have CAP_SYS_MODULE and CAP_SETPCAP to change these (changes are &= ONLY). When the kernel launches a usermodehelper it will do so with these as the bset and pI. -v2: make globals static create spinlock to protect globals -v3: require both CAP_SETPCAP and CAP_SYS_MODULE -v4: fix the typo s/CAP_SET_PCAP/CAP_SETPCAP/ because I didn't commit Signed-off-by: Eric Paris <eparis@redhat.com> No-objection-from: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Andrew G. Morgan <morgan@kernel.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/kmod.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
index 6efd7a78de6a..79bb98d71858 100644
--- a/include/linux/kmod.h
+++ b/include/linux/kmod.h
@@ -24,6 +24,7 @@
24#include <linux/errno.h> 24#include <linux/errno.h>
25#include <linux/compiler.h> 25#include <linux/compiler.h>
26#include <linux/workqueue.h> 26#include <linux/workqueue.h>
27#include <linux/sysctl.h>
27 28
28#define KMOD_PATH_LEN 256 29#define KMOD_PATH_LEN 256
29 30
@@ -109,6 +110,8 @@ call_usermodehelper(char *path, char **argv, char **envp, enum umh_wait wait)
109 NULL, NULL, NULL); 110 NULL, NULL, NULL);
110} 111}
111 112
113extern struct ctl_table usermodehelper_table[];
114
112extern void usermodehelper_init(void); 115extern void usermodehelper_init(void);
113 116
114extern int usermodehelper_disable(void); 117extern int usermodehelper_disable(void);