diff options
Diffstat (limited to 'include/linux/securebits.h')
| -rw-r--r-- | include/linux/securebits.h | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/include/linux/securebits.h b/include/linux/securebits.h index 5b0617840fa4..c1f19dbceb05 100644 --- a/include/linux/securebits.h +++ b/include/linux/securebits.h | |||
| @@ -3,28 +3,39 @@ | |||
| 3 | 3 | ||
| 4 | #define SECUREBITS_DEFAULT 0x00000000 | 4 | #define SECUREBITS_DEFAULT 0x00000000 |
| 5 | 5 | ||
| 6 | extern unsigned securebits; | ||
| 7 | |||
| 8 | /* When set UID 0 has no special privileges. When unset, we support | 6 | /* When set UID 0 has no special privileges. When unset, we support |
| 9 | inheritance of root-permissions and suid-root executable under | 7 | inheritance of root-permissions and suid-root executable under |
| 10 | compatibility mode. We raise the effective and inheritable bitmasks | 8 | compatibility mode. We raise the effective and inheritable bitmasks |
| 11 | *of the executable file* if the effective uid of the new process is | 9 | *of the executable file* if the effective uid of the new process is |
| 12 | 0. If the real uid is 0, we raise the inheritable bitmask of the | 10 | 0. If the real uid is 0, we raise the inheritable bitmask of the |
| 13 | executable file. */ | 11 | executable file. */ |
| 14 | #define SECURE_NOROOT 0 | 12 | #define SECURE_NOROOT 0 |
| 13 | #define SECURE_NOROOT_LOCKED 1 /* make bit-0 immutable */ | ||
| 15 | 14 | ||
| 16 | /* When set, setuid to/from uid 0 does not trigger capability-"fixes" | 15 | /* When set, setuid to/from uid 0 does not trigger capability-"fixes" |
| 17 | to be compatible with old programs relying on set*uid to loose | 16 | to be compatible with old programs relying on set*uid to loose |
| 18 | privileges. When unset, setuid doesn't change privileges. */ | 17 | privileges. When unset, setuid doesn't change privileges. */ |
| 19 | #define SECURE_NO_SETUID_FIXUP 2 | 18 | #define SECURE_NO_SETUID_FIXUP 2 |
| 19 | #define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */ | ||
| 20 | |||
| 21 | /* When set, a process can retain its capabilities even after | ||
| 22 | transitioning to a non-root user (the set-uid fixup suppressed by | ||
| 23 | bit 2). Bit-4 is cleared when a process calls exec(); setting both | ||
| 24 | bit 4 and 5 will create a barrier through exec that no exec()'d | ||
| 25 | child can use this feature again. */ | ||
| 26 | #define SECURE_KEEP_CAPS 4 | ||
| 27 | #define SECURE_KEEP_CAPS_LOCKED 5 /* make bit-4 immutable */ | ||
| 20 | 28 | ||
| 21 | /* Each securesetting is implemented using two bits. One bit specify | 29 | /* Each securesetting is implemented using two bits. One bit specify |
| 22 | whether the setting is on or off. The other bit specify whether the | 30 | whether the setting is on or off. The other bit specify whether the |
| 23 | setting is fixed or not. A setting which is fixed cannot be changed | 31 | setting is fixed or not. A setting which is fixed cannot be changed |
| 24 | from user-level. */ | 32 | from user-level. */ |
| 33 | #define issecure_mask(X) (1 << (X)) | ||
| 34 | #define issecure(X) (issecure_mask(X) & current->securebits) | ||
| 25 | 35 | ||
| 26 | #define issecure(X) ( (1 << (X+1)) & SECUREBITS_DEFAULT ? \ | 36 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ |
| 27 | (1 << (X)) & SECUREBITS_DEFAULT : \ | 37 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ |
| 28 | (1 << (X)) & securebits ) | 38 | issecure_mask(SECURE_KEEP_CAPS)) |
| 39 | #define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1) | ||
| 29 | 40 | ||
| 30 | #endif /* !_LINUX_SECUREBITS_H */ | 41 | #endif /* !_LINUX_SECUREBITS_H */ |