author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-09-10 02:22:48 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-09-13 18:27:05 -0400 |
commit | d58e0da854376841ac99defeb117a83f086715c6 (patch) | |
tree | b6e37d1030180680a7801ecb295d8d3990930375 /security/tomoyo/util.c | |
parent | 5dbe3040c74eef18e66951347eda05b153e69328 (diff) |
TOMOYO: Add environment variable name restriction support.
This patch adds support for checking environment variable names.
Although TOMOYO already provides ability to check argv[]/envp[] passed to
execve() requests,
file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="bar"
will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
administrators have to specify like
file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="/system/lib"
file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]=NULL
. Since there are many environment variables whereas conditional checks are
applied as "&&", it is difficult to cover all combinations. Therefore, this
patch supports conditional checks that are applied as "||", by specifying like
file execute /bin/sh
misc env LD_LIBRARY_PATH exec.envp["LD_LIBRARY_PATH"]="/system/lib"
which means "grant execution of /bin/sh if environment variable is not defined
or is defined and its value is /system/lib".
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/util.c')
-rw-r--r-- | security/tomoyo/util.c | 14 |
1 files changed, 9 insertions, 5 deletions
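--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -42,6 +42,8 @@ const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = {
 [TOMOYO_MAC_FILE_MOUNT] = TOMOYO_MAC_CATEGORY_FILE,
 [TOMOYO_MAC_FILE_UMOUNT] = TOMOYO_MAC_CATEGORY_FILE,
 [TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,
+/* CONFIG::misc group */
+[TOMOYO_MAC_ENVIRON] = TOMOYO_MAC_CATEGORY_MISC,
 };
 
 /**
@@ -920,15 +922,17 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
 const u8 index)
 {
 u8 mode;
-const u8 category = TOMOYO_MAC_CATEGORY_FILE;
+struct tomoyo_profile *p;
+
 if (!tomoyo_policy_loaded)
 return TOMOYO_CONFIG_DISABLED;
-mode = tomoyo_profile(ns, profile)->config[index];
+p = tomoyo_profile(ns, profile);
+mode = p->config[index];
 if (mode == TOMOYO_CONFIG_USE_DEFAULT)
-mode = tomoyo_profile(ns, profile)->config
-[category + TOMOYO_MAX_MAC_INDEX];
+mode = p->config[tomoyo_index2category[index]
++ TOMOYO_MAX_MAC_INDEX];
 if (mode == TOMOYO_CONFIG_USE_DEFAULT)
-mode = tomoyo_profile(ns, profile)->default_config;
+mode = p->default_config;
 return mode & 3;
 }
 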
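Review bot: In tomoyo_get_mode() the new fallback `p->config[tomoyo_index2category[index] + TOMOYO_MAX_MAC_INDEX]` reads a second table with `index`, and nothing in the visible lines bounds it against TOMOYO_MAX_MAC_INDEX, so the precondition should be written down at the lookup, e.g. `/* index < TOMOYO_MAX_MAC_INDEX: selects p->config[] and tomoyo_index2category[] */`. Because the table in the first hunk uses designated initializers, any MAC index added later without its own entry is zero-initialized and silently inherits the mode of whichever category has value 0; for an access-control default that merits a comment beside the table or a compile-time check that every index is listed. The function's kernel-doc and the start of its signature lie above the hunk and no callers are visible, so these lines do not settle whether `index` can ever be out of range.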