diff options
| -rw-r--r-- | fs/open.c | 12 | ||||
| -rw-r--r-- | include/linux/security.h | 48 | ||||
| -rw-r--r-- | kernel/capability.c | 227 | ||||
| -rw-r--r-- | security/commoncap.c | 29 | ||||
| -rw-r--r-- | security/security.c | 18 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 10 |
6 files changed, 61 insertions, 283 deletions
| @@ -441,17 +441,7 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | |||
| 441 | current->fsgid = current->gid; | 441 | current->fsgid = current->gid; |
| 442 | 442 | ||
| 443 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { | 443 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
| 444 | /* | 444 | /* Clear the capabilities if we switch to a non-root user */ |
| 445 | * Clear the capabilities if we switch to a non-root user | ||
| 446 | */ | ||
| 447 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 448 | /* | ||
| 449 | * FIXME: There is a race here against sys_capset. The | ||
| 450 | * capabilities can change yet we will restore the old | ||
| 451 | * value below. We should hold task_capabilities_lock, | ||
| 452 | * but we cannot because user_path_at can sleep. | ||
| 453 | */ | ||
| 454 | #endif /* ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
| 455 | if (current->uid) | 445 | if (current->uid) |
| 456 | old_cap = cap_set_effective(__cap_empty_set); | 446 | old_cap = cap_set_effective(__cap_empty_set); |
| 457 | else | 447 | else |
diff --git a/include/linux/security.h b/include/linux/security.h index 5fe28a671cd3..d1ce8beddbd7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -53,8 +53,8 @@ extern int cap_settime(struct timespec *ts, struct timezone *tz); | |||
| 53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); | 53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); |
| 54 | extern int cap_ptrace_traceme(struct task_struct *parent); | 54 | extern int cap_ptrace_traceme(struct task_struct *parent); |
| 55 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 55 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| 56 | extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 56 | extern int cap_capset_check(kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| 57 | extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 57 | extern void cap_capset_set(kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| 58 | extern int cap_bprm_set_security(struct linux_binprm *bprm); | 58 | extern int cap_bprm_set_security(struct linux_binprm *bprm); |
| 59 | extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | 59 | extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); |
| 60 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); | 60 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); |
| @@ -1191,24 +1191,14 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 1191 | * Return 0 if the capability sets were successfully obtained. | 1191 | * Return 0 if the capability sets were successfully obtained. |
| 1192 | * @capset_check: | 1192 | * @capset_check: |
| 1193 | * Check permission before setting the @effective, @inheritable, and | 1193 | * Check permission before setting the @effective, @inheritable, and |
| 1194 | * @permitted capability sets for the @target process. | 1194 | * @permitted capability sets for the current process. |
| 1195 | * Caveat: @target is also set to current if a set of processes is | ||
| 1196 | * specified (i.e. all processes other than current and init or a | ||
| 1197 | * particular process group). Hence, the capset_set hook may need to | ||
| 1198 | * revalidate permission to the actual target process. | ||
| 1199 | * @target contains the task_struct structure for target process. | ||
| 1200 | * @effective contains the effective capability set. | 1195 | * @effective contains the effective capability set. |
| 1201 | * @inheritable contains the inheritable capability set. | 1196 | * @inheritable contains the inheritable capability set. |
| 1202 | * @permitted contains the permitted capability set. | 1197 | * @permitted contains the permitted capability set. |
| 1203 | * Return 0 if permission is granted. | 1198 | * Return 0 if permission is granted. |
| 1204 | * @capset_set: | 1199 | * @capset_set: |
| 1205 | * Set the @effective, @inheritable, and @permitted capability sets for | 1200 | * Set the @effective, @inheritable, and @permitted capability sets for |
| 1206 | * the @target process. Since capset_check cannot always check permission | 1201 | * the current process. |
| 1207 | * to the real @target process, this hook may also perform permission | ||
| 1208 | * checking to determine if the current process is allowed to set the | ||
| 1209 | * capability sets of the @target process. However, this hook has no way | ||
| 1210 | * of returning an error due to the structure of the sys_capset code. | ||
| 1211 | * @target contains the task_struct structure for target process. | ||
| 1212 | * @effective contains the effective capability set. | 1202 | * @effective contains the effective capability set. |
| 1213 | * @inheritable contains the inheritable capability set. | 1203 | * @inheritable contains the inheritable capability set. |
| 1214 | * @permitted contains the permitted capability set. | 1204 | * @permitted contains the permitted capability set. |
| @@ -1303,12 +1293,10 @@ struct security_operations { | |||
| 1303 | int (*capget) (struct task_struct *target, | 1293 | int (*capget) (struct task_struct *target, |
| 1304 | kernel_cap_t *effective, | 1294 | kernel_cap_t *effective, |
| 1305 | kernel_cap_t *inheritable, kernel_cap_t *permitted); | 1295 | kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| 1306 | int (*capset_check) (struct task_struct *target, | 1296 | int (*capset_check) (kernel_cap_t *effective, |
| 1307 | kernel_cap_t *effective, | ||
| 1308 | kernel_cap_t *inheritable, | 1297 | kernel_cap_t *inheritable, |
| 1309 | kernel_cap_t *permitted); | 1298 | kernel_cap_t *permitted); |
| 1310 | void (*capset_set) (struct task_struct *target, | 1299 | void (*capset_set) (kernel_cap_t *effective, |
| 1311 | kernel_cap_t *effective, | ||
| 1312 | kernel_cap_t *inheritable, | 1300 | kernel_cap_t *inheritable, |
| 1313 | kernel_cap_t *permitted); | 1301 | kernel_cap_t *permitted); |
| 1314 | int (*capable) (struct task_struct *tsk, int cap, int audit); | 1302 | int (*capable) (struct task_struct *tsk, int cap, int audit); |
| @@ -1572,12 +1560,10 @@ int security_capget(struct task_struct *target, | |||
| 1572 | kernel_cap_t *effective, | 1560 | kernel_cap_t *effective, |
| 1573 | kernel_cap_t *inheritable, | 1561 | kernel_cap_t *inheritable, |
| 1574 | kernel_cap_t *permitted); | 1562 | kernel_cap_t *permitted); |
| 1575 | int security_capset_check(struct task_struct *target, | 1563 | int security_capset_check(kernel_cap_t *effective, |
| 1576 | kernel_cap_t *effective, | ||
| 1577 | kernel_cap_t *inheritable, | 1564 | kernel_cap_t *inheritable, |
| 1578 | kernel_cap_t *permitted); | 1565 | kernel_cap_t *permitted); |
| 1579 | void security_capset_set(struct task_struct *target, | 1566 | void security_capset_set(kernel_cap_t *effective, |
| 1580 | kernel_cap_t *effective, | ||
| 1581 | kernel_cap_t *inheritable, | 1567 | kernel_cap_t *inheritable, |
| 1582 | kernel_cap_t *permitted); | 1568 | kernel_cap_t *permitted); |
| 1583 | int security_capable(struct task_struct *tsk, int cap); | 1569 | int security_capable(struct task_struct *tsk, int cap); |
| @@ -1769,20 +1755,18 @@ static inline int security_capget(struct task_struct *target, | |||
| 1769 | return cap_capget(target, effective, inheritable, permitted); | 1755 | return cap_capget(target, effective, inheritable, permitted); |
| 1770 | } | 1756 | } |
| 1771 | 1757 | ||
| 1772 | static inline int security_capset_check(struct task_struct *target, | 1758 | static inline int security_capset_check(kernel_cap_t *effective, |
| 1773 | kernel_cap_t *effective, | 1759 | kernel_cap_t *inheritable, |
| 1774 | kernel_cap_t *inheritable, | 1760 | kernel_cap_t *permitted) |
| 1775 | kernel_cap_t *permitted) | ||
| 1776 | { | 1761 | { |
| 1777 | return cap_capset_check(target, effective, inheritable, permitted); | 1762 | return cap_capset_check(effective, inheritable, permitted); |
| 1778 | } | 1763 | } |
| 1779 | 1764 | ||
| 1780 | static inline void security_capset_set(struct task_struct *target, | 1765 | static inline void security_capset_set(kernel_cap_t *effective, |
| 1781 | kernel_cap_t *effective, | 1766 | kernel_cap_t *inheritable, |
| 1782 | kernel_cap_t *inheritable, | 1767 | kernel_cap_t *permitted) |
| 1783 | kernel_cap_t *permitted) | ||
| 1784 | { | 1768 | { |
| 1785 | cap_capset_set(target, effective, inheritable, permitted); | 1769 | cap_capset_set(effective, inheritable, permitted); |
| 1786 | } | 1770 | } |
| 1787 | 1771 | ||
| 1788 | static inline int security_capable(struct task_struct *tsk, int cap) | 1772 | static inline int security_capable(struct task_struct *tsk, int cap) |
diff --git a/kernel/capability.c b/kernel/capability.c index adb262f83de1..58b00519624a 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -127,160 +127,6 @@ static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy) | |||
| 127 | return 0; | 127 | return 0; |
| 128 | } | 128 | } |
| 129 | 129 | ||
| 130 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 131 | |||
| 132 | /* | ||
| 133 | * Without filesystem capability support, we nominally support one process | ||
| 134 | * setting the capabilities of another | ||
| 135 | */ | ||
| 136 | static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, | ||
| 137 | kernel_cap_t *pIp, kernel_cap_t *pPp) | ||
| 138 | { | ||
| 139 | struct task_struct *target; | ||
| 140 | int ret; | ||
| 141 | |||
| 142 | spin_lock(&task_capability_lock); | ||
| 143 | read_lock(&tasklist_lock); | ||
| 144 | |||
| 145 | if (pid && pid != task_pid_vnr(current)) { | ||
| 146 | target = find_task_by_vpid(pid); | ||
| 147 | if (!target) { | ||
| 148 | ret = -ESRCH; | ||
| 149 | goto out; | ||
| 150 | } | ||
| 151 | } else | ||
| 152 | target = current; | ||
| 153 | |||
| 154 | ret = security_capget(target, pEp, pIp, pPp); | ||
| 155 | |||
| 156 | out: | ||
| 157 | read_unlock(&tasklist_lock); | ||
| 158 | spin_unlock(&task_capability_lock); | ||
| 159 | |||
| 160 | return ret; | ||
| 161 | } | ||
| 162 | |||
| 163 | /* | ||
| 164 | * cap_set_pg - set capabilities for all processes in a given process | ||
| 165 | * group. We call this holding task_capability_lock and tasklist_lock. | ||
| 166 | */ | ||
| 167 | static inline int cap_set_pg(int pgrp_nr, kernel_cap_t *effective, | ||
| 168 | kernel_cap_t *inheritable, | ||
| 169 | kernel_cap_t *permitted) | ||
| 170 | { | ||
| 171 | struct task_struct *g, *target; | ||
| 172 | int ret = -EPERM; | ||
| 173 | int found = 0; | ||
| 174 | struct pid *pgrp; | ||
| 175 | |||
| 176 | spin_lock(&task_capability_lock); | ||
| 177 | read_lock(&tasklist_lock); | ||
| 178 | |||
| 179 | pgrp = find_vpid(pgrp_nr); | ||
| 180 | do_each_pid_task(pgrp, PIDTYPE_PGID, g) { | ||
| 181 | target = g; | ||
| 182 | while_each_thread(g, target) { | ||
| 183 | if (!security_capset_check(target, effective, | ||
| 184 | inheritable, permitted)) { | ||
| 185 | security_capset_set(target, effective, | ||
| 186 | inheritable, permitted); | ||
| 187 | ret = 0; | ||
| 188 | } | ||
| 189 | found = 1; | ||
| 190 | } | ||
| 191 | } while_each_pid_task(pgrp, PIDTYPE_PGID, g); | ||
| 192 | |||
| 193 | read_unlock(&tasklist_lock); | ||
| 194 | spin_unlock(&task_capability_lock); | ||
| 195 | |||
| 196 | if (!found) | ||
| 197 | ret = 0; | ||
| 198 | return ret; | ||
| 199 | } | ||
| 200 | |||
| 201 | /* | ||
| 202 | * cap_set_all - set capabilities for all processes other than init | ||
| 203 | * and self. We call this holding task_capability_lock and tasklist_lock. | ||
| 204 | */ | ||
| 205 | static inline int cap_set_all(kernel_cap_t *effective, | ||
| 206 | kernel_cap_t *inheritable, | ||
| 207 | kernel_cap_t *permitted) | ||
| 208 | { | ||
| 209 | struct task_struct *g, *target; | ||
| 210 | int ret = -EPERM; | ||
| 211 | int found = 0; | ||
| 212 | |||
| 213 | spin_lock(&task_capability_lock); | ||
| 214 | read_lock(&tasklist_lock); | ||
| 215 | |||
| 216 | do_each_thread(g, target) { | ||
| 217 | if (target == current | ||
| 218 | || is_container_init(target->group_leader)) | ||
| 219 | continue; | ||
| 220 | found = 1; | ||
| 221 | if (security_capset_check(target, effective, inheritable, | ||
| 222 | permitted)) | ||
| 223 | continue; | ||
| 224 | ret = 0; | ||
| 225 | security_capset_set(target, effective, inheritable, permitted); | ||
| 226 | } while_each_thread(g, target); | ||
| 227 | |||
| 228 | read_unlock(&tasklist_lock); | ||
| 229 | spin_unlock(&task_capability_lock); | ||
| 230 | |||
| 231 | if (!found) | ||
| 232 | ret = 0; | ||
| 233 | |||
| 234 | return ret; | ||
| 235 | } | ||
| 236 | |||
| 237 | /* | ||
| 238 | * Given the target pid does not refer to the current process we | ||
| 239 | * need more elaborate support... (This support is not present when | ||
| 240 | * filesystem capabilities are configured.) | ||
| 241 | */ | ||
| 242 | static inline int do_sys_capset_other_tasks(pid_t pid, kernel_cap_t *effective, | ||
| 243 | kernel_cap_t *inheritable, | ||
| 244 | kernel_cap_t *permitted) | ||
| 245 | { | ||
| 246 | struct task_struct *target; | ||
| 247 | int ret; | ||
| 248 | |||
| 249 | if (!capable(CAP_SETPCAP)) | ||
| 250 | return -EPERM; | ||
| 251 | |||
| 252 | if (pid == -1) /* all procs other than current and init */ | ||
| 253 | return cap_set_all(effective, inheritable, permitted); | ||
| 254 | |||
| 255 | else if (pid < 0) /* all procs in process group */ | ||
| 256 | return cap_set_pg(-pid, effective, inheritable, permitted); | ||
| 257 | |||
| 258 | /* target != current */ | ||
| 259 | spin_lock(&task_capability_lock); | ||
| 260 | read_lock(&tasklist_lock); | ||
| 261 | |||
| 262 | target = find_task_by_vpid(pid); | ||
| 263 | if (!target) | ||
| 264 | ret = -ESRCH; | ||
| 265 | else { | ||
| 266 | ret = security_capset_check(target, effective, inheritable, | ||
| 267 | permitted); | ||
| 268 | |||
| 269 | /* having verified that the proposed changes are legal, | ||
| 270 | we now put them into effect. */ | ||
| 271 | if (!ret) | ||
| 272 | security_capset_set(target, effective, inheritable, | ||
| 273 | permitted); | ||
| 274 | } | ||
| 275 | |||
| 276 | read_unlock(&tasklist_lock); | ||
| 277 | spin_unlock(&task_capability_lock); | ||
| 278 | |||
| 279 | return ret; | ||
| 280 | } | ||
| 281 | |||
| 282 | #else /* ie., def CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
| 283 | |||
| 284 | /* | 130 | /* |
| 285 | * If we have configured with filesystem capability support, then the | 131 | * If we have configured with filesystem capability support, then the |
| 286 | * only thing that can change the capabilities of the current process | 132 | * only thing that can change the capabilities of the current process |
| @@ -315,22 +161,6 @@ static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, | |||
| 315 | } | 161 | } |
| 316 | 162 | ||
| 317 | /* | 163 | /* |
| 318 | * With filesystem capability support configured, the kernel does not | ||
| 319 | * permit the changing of capabilities in one process by another | ||
| 320 | * process. (CAP_SETPCAP has much less broad semantics when configured | ||
| 321 | * this way.) | ||
| 322 | */ | ||
| 323 | static inline int do_sys_capset_other_tasks(pid_t pid, | ||
| 324 | kernel_cap_t *effective, | ||
| 325 | kernel_cap_t *inheritable, | ||
| 326 | kernel_cap_t *permitted) | ||
| 327 | { | ||
| 328 | return -EPERM; | ||
| 329 | } | ||
| 330 | |||
| 331 | #endif /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
| 332 | |||
| 333 | /* | ||
| 334 | * Atomically modify the effective capabilities returning the original | 164 | * Atomically modify the effective capabilities returning the original |
| 335 | * value. No permission check is performed here - it is assumed that the | 165 | * value. No permission check is performed here - it is assumed that the |
| 336 | * caller is permitted to set the desired effective capabilities. | 166 | * caller is permitted to set the desired effective capabilities. |
| @@ -424,16 +254,14 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) | |||
| 424 | * @data: pointer to struct that contains the effective, permitted, | 254 | * @data: pointer to struct that contains the effective, permitted, |
| 425 | * and inheritable capabilities | 255 | * and inheritable capabilities |
| 426 | * | 256 | * |
| 427 | * Set capabilities for a given process, all processes, or all | 257 | * Set capabilities for the current process only. The ability to any other |
| 428 | * processes in a given process group. | 258 | * process(es) has been deprecated and removed. |
| 429 | * | 259 | * |
| 430 | * The restrictions on setting capabilities are specified as: | 260 | * The restrictions on setting capabilities are specified as: |
| 431 | * | 261 | * |
| 432 | * [pid is for the 'target' task. 'current' is the calling task.] | 262 | * I: any raised capabilities must be a subset of the old permitted |
| 433 | * | 263 | * P: any raised capabilities must be a subset of the old permitted |
| 434 | * I: any raised capabilities must be a subset of the (old current) permitted | 264 | * E: must be set to a subset of new permitted |
| 435 | * P: any raised capabilities must be a subset of the (old current) permitted | ||
| 436 | * E: must be set to a subset of (new target) permitted | ||
| 437 | * | 265 | * |
| 438 | * Returns 0 on success and < 0 on error. | 266 | * Returns 0 on success and < 0 on error. |
| 439 | */ | 267 | */ |
| @@ -452,10 +280,13 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) | |||
| 452 | if (get_user(pid, &header->pid)) | 280 | if (get_user(pid, &header->pid)) |
| 453 | return -EFAULT; | 281 | return -EFAULT; |
| 454 | 282 | ||
| 283 | /* may only affect current now */ | ||
| 284 | if (pid != 0 && pid != task_pid_vnr(current)) | ||
| 285 | return -EPERM; | ||
| 286 | |||
| 455 | if (copy_from_user(&kdata, data, tocopy | 287 | if (copy_from_user(&kdata, data, tocopy |
| 456 | * sizeof(struct __user_cap_data_struct))) { | 288 | * sizeof(struct __user_cap_data_struct))) |
| 457 | return -EFAULT; | 289 | return -EFAULT; |
| 458 | } | ||
| 459 | 290 | ||
| 460 | for (i = 0; i < tocopy; i++) { | 291 | for (i = 0; i < tocopy; i++) { |
| 461 | effective.cap[i] = kdata[i].effective; | 292 | effective.cap[i] = kdata[i].effective; |
| @@ -473,32 +304,20 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) | |||
| 473 | if (ret) | 304 | if (ret) |
| 474 | return ret; | 305 | return ret; |
| 475 | 306 | ||
| 476 | if (pid && (pid != task_pid_vnr(current))) | 307 | /* This lock is required even when filesystem capability support is |
| 477 | ret = do_sys_capset_other_tasks(pid, &effective, &inheritable, | 308 | * configured - it protects the sys_capget() call from returning |
| 478 | &permitted); | 309 | * incorrect data in the case that the targeted process is not the |
| 479 | else { | 310 | * current one. |
| 480 | /* | 311 | */ |
| 481 | * This lock is required even when filesystem | 312 | spin_lock(&task_capability_lock); |
| 482 | * capability support is configured - it protects the | ||
| 483 | * sys_capget() call from returning incorrect data in | ||
| 484 | * the case that the targeted process is not the | ||
| 485 | * current one. | ||
| 486 | */ | ||
| 487 | spin_lock(&task_capability_lock); | ||
| 488 | |||
| 489 | ret = security_capset_check(current, &effective, &inheritable, | ||
| 490 | &permitted); | ||
| 491 | /* | ||
| 492 | * Having verified that the proposed changes are | ||
| 493 | * legal, we now put them into effect. | ||
| 494 | */ | ||
| 495 | if (!ret) | ||
| 496 | security_capset_set(current, &effective, &inheritable, | ||
| 497 | &permitted); | ||
| 498 | spin_unlock(&task_capability_lock); | ||
| 499 | } | ||
| 500 | |||
| 501 | 313 | ||
| 314 | ret = security_capset_check(&effective, &inheritable, &permitted); | ||
| 315 | /* Having verified that the proposed changes are legal, we now put them | ||
| 316 | * into effect. | ||
| 317 | */ | ||
| 318 | if (!ret) | ||
| 319 | security_capset_set(&effective, &inheritable, &permitted); | ||
| 320 | spin_unlock(&task_capability_lock); | ||
| 502 | return ret; | 321 | return ret; |
| 503 | } | 322 | } |
| 504 | 323 | ||
diff --git a/security/commoncap.c b/security/commoncap.c index 8283271f0768..e3f36ef629fa 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -96,15 +96,6 @@ int cap_capget (struct task_struct *target, kernel_cap_t *effective, | |||
| 96 | 96 | ||
| 97 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 97 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
| 98 | 98 | ||
| 99 | static inline int cap_block_setpcap(struct task_struct *target) | ||
| 100 | { | ||
| 101 | /* | ||
| 102 | * No support for remote process capability manipulation with | ||
| 103 | * filesystem capability support. | ||
| 104 | */ | ||
| 105 | return (target != current); | ||
| 106 | } | ||
| 107 | |||
| 108 | static inline int cap_inh_is_capped(void) | 99 | static inline int cap_inh_is_capped(void) |
| 109 | { | 100 | { |
| 110 | /* | 101 | /* |
| @@ -119,7 +110,6 @@ static inline int cap_limit_ptraced_target(void) { return 1; } | |||
| 119 | 110 | ||
| 120 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | 111 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ |
| 121 | 112 | ||
| 122 | static inline int cap_block_setpcap(struct task_struct *t) { return 0; } | ||
| 123 | static inline int cap_inh_is_capped(void) { return 1; } | 113 | static inline int cap_inh_is_capped(void) { return 1; } |
| 124 | static inline int cap_limit_ptraced_target(void) | 114 | static inline int cap_limit_ptraced_target(void) |
| 125 | { | 115 | { |
| @@ -128,21 +118,18 @@ static inline int cap_limit_ptraced_target(void) | |||
| 128 | 118 | ||
| 129 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | 119 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ |
| 130 | 120 | ||
| 131 | int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, | 121 | int cap_capset_check (kernel_cap_t *effective, |
| 132 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 122 | kernel_cap_t *inheritable, kernel_cap_t *permitted) |
| 133 | { | 123 | { |
| 134 | if (cap_block_setpcap(target)) { | ||
| 135 | return -EPERM; | ||
| 136 | } | ||
| 137 | if (cap_inh_is_capped() | 124 | if (cap_inh_is_capped() |
| 138 | && !cap_issubset(*inheritable, | 125 | && !cap_issubset(*inheritable, |
| 139 | cap_combine(target->cap_inheritable, | 126 | cap_combine(current->cap_inheritable, |
| 140 | current->cap_permitted))) { | 127 | current->cap_permitted))) { |
| 141 | /* incapable of using this inheritable set */ | 128 | /* incapable of using this inheritable set */ |
| 142 | return -EPERM; | 129 | return -EPERM; |
| 143 | } | 130 | } |
| 144 | if (!cap_issubset(*inheritable, | 131 | if (!cap_issubset(*inheritable, |
| 145 | cap_combine(target->cap_inheritable, | 132 | cap_combine(current->cap_inheritable, |
| 146 | current->cap_bset))) { | 133 | current->cap_bset))) { |
| 147 | /* no new pI capabilities outside bounding set */ | 134 | /* no new pI capabilities outside bounding set */ |
| 148 | return -EPERM; | 135 | return -EPERM; |
| @@ -150,7 +137,7 @@ int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, | |||
| 150 | 137 | ||
| 151 | /* verify restrictions on target's new Permitted set */ | 138 | /* verify restrictions on target's new Permitted set */ |
| 152 | if (!cap_issubset (*permitted, | 139 | if (!cap_issubset (*permitted, |
| 153 | cap_combine (target->cap_permitted, | 140 | cap_combine (current->cap_permitted, |
| 154 | current->cap_permitted))) { | 141 | current->cap_permitted))) { |
| 155 | return -EPERM; | 142 | return -EPERM; |
| 156 | } | 143 | } |
| @@ -163,12 +150,12 @@ int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, | |||
| 163 | return 0; | 150 | return 0; |
| 164 | } | 151 | } |
| 165 | 152 | ||
| 166 | void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, | 153 | void cap_capset_set (kernel_cap_t *effective, |
| 167 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 154 | kernel_cap_t *inheritable, kernel_cap_t *permitted) |
| 168 | { | 155 | { |
| 169 | target->cap_effective = *effective; | 156 | current->cap_effective = *effective; |
| 170 | target->cap_inheritable = *inheritable; | 157 | current->cap_inheritable = *inheritable; |
| 171 | target->cap_permitted = *permitted; | 158 | current->cap_permitted = *permitted; |
| 172 | } | 159 | } |
| 173 | 160 | ||
| 174 | static inline void bprm_clear_caps(struct linux_binprm *bprm) | 161 | static inline void bprm_clear_caps(struct linux_binprm *bprm) |
diff --git a/security/security.c b/security/security.c index 346f21e0ec2c..dca37381e2a7 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -145,20 +145,18 @@ int security_capget(struct task_struct *target, | |||
| 145 | return security_ops->capget(target, effective, inheritable, permitted); | 145 | return security_ops->capget(target, effective, inheritable, permitted); |
| 146 | } | 146 | } |
| 147 | 147 | ||
| 148 | int security_capset_check(struct task_struct *target, | 148 | int security_capset_check(kernel_cap_t *effective, |
| 149 | kernel_cap_t *effective, | 149 | kernel_cap_t *inheritable, |
| 150 | kernel_cap_t *inheritable, | 150 | kernel_cap_t *permitted) |
| 151 | kernel_cap_t *permitted) | ||
| 152 | { | 151 | { |
| 153 | return security_ops->capset_check(target, effective, inheritable, permitted); | 152 | return security_ops->capset_check(effective, inheritable, permitted); |
| 154 | } | 153 | } |
| 155 | 154 | ||
| 156 | void security_capset_set(struct task_struct *target, | 155 | void security_capset_set(kernel_cap_t *effective, |
| 157 | kernel_cap_t *effective, | 156 | kernel_cap_t *inheritable, |
| 158 | kernel_cap_t *inheritable, | 157 | kernel_cap_t *permitted) |
| 159 | kernel_cap_t *permitted) | ||
| 160 | { | 158 | { |
| 161 | security_ops->capset_set(target, effective, inheritable, permitted); | 159 | security_ops->capset_set(effective, inheritable, permitted); |
| 162 | } | 160 | } |
| 163 | 161 | ||
| 164 | int security_capable(struct task_struct *tsk, int cap) | 162 | int security_capable(struct task_struct *tsk, int cap) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 378dc53c08e8..df9986940e9c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1790,22 +1790,22 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, | |||
| 1790 | return secondary_ops->capget(target, effective, inheritable, permitted); | 1790 | return secondary_ops->capget(target, effective, inheritable, permitted); |
| 1791 | } | 1791 | } |
| 1792 | 1792 | ||
| 1793 | static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, | 1793 | static int selinux_capset_check(kernel_cap_t *effective, |
| 1794 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 1794 | kernel_cap_t *inheritable, kernel_cap_t *permitted) |
| 1795 | { | 1795 | { |
| 1796 | int error; | 1796 | int error; |
| 1797 | 1797 | ||
| 1798 | error = secondary_ops->capset_check(target, effective, inheritable, permitted); | 1798 | error = secondary_ops->capset_check(effective, inheritable, permitted); |
| 1799 | if (error) | 1799 | if (error) |
| 1800 | return error; | 1800 | return error; |
| 1801 | 1801 | ||
| 1802 | return task_has_perm(current, target, PROCESS__SETCAP); | 1802 | return task_has_perm(current, current, PROCESS__SETCAP); |
| 1803 | } | 1803 | } |
| 1804 | 1804 | ||
| 1805 | static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, | 1805 | static void selinux_capset_set(kernel_cap_t *effective, |
| 1806 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 1806 | kernel_cap_t *inheritable, kernel_cap_t *permitted) |
| 1807 | { | 1807 | { |
| 1808 | secondary_ops->capset_set(target, effective, inheritable, permitted); | 1808 | secondary_ops->capset_set(effective, inheritable, permitted); |
| 1809 | } | 1809 | } |
| 1810 | 1810 | ||
| 1811 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) | 1811 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) |