-rw-r--r-- | include/linux/security.h | 20 | ||||
-rw-r--r-- | kernel/sys.c | 16 | ||||
-rw-r--r-- | security/capability.c | 6 | ||||
-rw-r--r-- | security/security.c | 5 |
4 files changed, 0 insertions, 47 deletions
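--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -683,18 +683,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @old is the set of credentials that are being replaces
 * @flags contains one of the LSM_SETID_* values.
 * Return 0 on success.
-* @task_setgid:
-* Check permission before setting one or more of the group identity
-* attributes of the current process. The @flags parameter indicates
-* which of the set*gid system calls invoked this hook and how to
-* interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
-* definitions at the beginning of this file for the @flags values and
-* their meanings.
-* @id0 contains a gid.
-* @id1 contains a gid.
-* @id2 contains a gid.
-* @flags contains one of the LSM_SETID_* values.
-* Return 0 if permission is granted.
 * @task_setpgid:
 * Check permission before setting the process group identifier of the
 * process @p to @pgid.
@@ -1526,7 +1514,6 @@ struct security_operations {
 int (*kernel_module_request)(char *kmod_name);
 int (*task_fix_setuid) (struct cred *new, const struct cred *old,
 int flags);
-int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
 int (*task_setpgid) (struct task_struct *p, pid_t pgid);
 int (*task_getpgid) (struct task_struct *p);
 int (*task_getsid) (struct task_struct *p);
@@ -1782,7 +1769,6 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 int flags);
-int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
 int security_task_getpgid(struct task_struct *p);
 int security_task_getsid(struct task_struct *p);
@@ -2323,12 +2309,6 @@ static inline int security_task_fix_setuid(struct cred *new,
 return cap_task_fix_setuid(new, old, flags);
 }
 
-static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2,
-int flags)
-{
-return 0;
-}
-
 static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
 return 0;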
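--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -491,10 +491,6 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
 return -ENOMEM;
 old = current_cred();
 
-retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
-if (retval)
-goto error;
-
 retval = -EPERM;
 if (rgid != (gid_t) -1) {
 if (old->gid == rgid ||
@@ -542,10 +538,6 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
 return -ENOMEM;
 old = current_cred();
 
-retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
-if (retval)
-goto error;
-
 retval = -EPERM;
 if (capable(CAP_SETGID))
 new->gid = new->egid = new->sgid = new->fsgid = gid;
@@ -776,10 +768,6 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
 return -ENOMEM;
 old = current_cred();
 
-retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES);
-if (retval)
-goto error;
-
 retval = -EPERM;
 if (!capable(CAP_SETGID)) {
 if (rgid != (gid_t) -1 && rgid != old->gid &&
@@ -872,9 +860,6 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
 old = current_cred();
 old_fsgid = old->fsgid;
 
-if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))
-goto error;
-
 if (gid == old->gid || gid == old->egid ||
 gid == old->sgid || gid == old->fsgid ||
 capable(CAP_SETGID)) {
@@ -884,7 +869,6 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
 }
 }
 
-error:
 abort_creds(new);
 return old_fsgid;
 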
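--- a/security/capability.c
+++ b/security/capability.c
@@ -392,11 +392,6 @@ static int cap_kernel_module_request(char *kmod_name)
 return 0;
 }
 
-static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
-{
-return 0;
-}
-
 static int cap_task_setpgid(struct task_struct *p, pid_t pgid)
 {
 return 0;
@@ -968,7 +963,6 @@ void security_fixup_ops(struct security_operations *ops)
 set_to_cap_if_null(ops, kernel_create_files_as);
 set_to_cap_if_null(ops, kernel_module_request);
 set_to_cap_if_null(ops, task_fix_setuid);
-set_to_cap_if_null(ops, task_setgid);
 set_to_cap_if_null(ops, task_setpgid);
 set_to_cap_if_null(ops, task_getpgid);
 set_to_cap_if_null(ops, task_getsid);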
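--- a/security/security.c
+++ b/security/security.c
@@ -738,11 +738,6 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old,
 return security_ops->task_fix_setuid(new, old, flags);
 }
 
-int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
-{
-return security_ops->task_setgid(id0, id1, id2, flags);
-}
-
 int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
 return security_ops->task_setpgid(p, pgid);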