diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/binfmts.h | 3 | ||||
-rw-r--r-- | include/linux/capability.h | 48 | ||||
-rw-r--r-- | include/linux/fs.h | 1 | ||||
-rw-r--r-- | include/linux/security.h | 40 |
4 files changed, 73 insertions, 19 deletions
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 3a6512f8ec94..b7fc55ec8d48 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h | |||
@@ -37,7 +37,8 @@ struct linux_binprm{ | |||
37 | int sh_bang; | 37 | int sh_bang; |
38 | struct file * file; | 38 | struct file * file; |
39 | int e_uid, e_gid; | 39 | int e_uid, e_gid; |
40 | kernel_cap_t cap_inheritable, cap_permitted, cap_effective; | 40 | kernel_cap_t cap_inheritable, cap_permitted; |
41 | bool cap_effective; | ||
41 | void *security; | 42 | void *security; |
42 | int argc, envc; | 43 | int argc, envc; |
43 | char * filename; /* Name of binary as seen by procps */ | 44 | char * filename; /* Name of binary as seen by procps */ |
diff --git a/include/linux/capability.h b/include/linux/capability.h index 2dfa58555934..8961e7fb755c 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
@@ -1,14 +1,14 @@ | |||
1 | /* | 1 | /* |
2 | * This is <linux/capability.h> | 2 | * This is <linux/capability.h> |
3 | * | 3 | * |
4 | * Andrew G. Morgan <morgan@transmeta.com> | 4 | * Andrew G. Morgan <morgan@kernel.org> |
5 | * Alexander Kjeldaas <astor@guardian.no> | 5 | * Alexander Kjeldaas <astor@guardian.no> |
6 | * with help from Aleph1, Roland Buresund and Andrew Main. | 6 | * with help from Aleph1, Roland Buresund and Andrew Main. |
7 | * | 7 | * |
8 | * See here for the libcap library ("POSIX draft" compliance): | 8 | * See here for the libcap library ("POSIX draft" compliance): |
9 | * | 9 | * |
10 | * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/ | 10 | * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ |
11 | */ | 11 | */ |
12 | 12 | ||
13 | #ifndef _LINUX_CAPABILITY_H | 13 | #ifndef _LINUX_CAPABILITY_H |
14 | #define _LINUX_CAPABILITY_H | 14 | #define _LINUX_CAPABILITY_H |
@@ -28,23 +28,41 @@ struct task_struct; | |||
28 | following structure to such a composite is better handled in a user | 28 | following structure to such a composite is better handled in a user |
29 | library since the draft standard requires the use of malloc/free | 29 | library since the draft standard requires the use of malloc/free |
30 | etc.. */ | 30 | etc.. */ |
31 | 31 | ||
32 | #define _LINUX_CAPABILITY_VERSION 0x19980330 | 32 | #define _LINUX_CAPABILITY_VERSION 0x19980330 |
33 | 33 | ||
34 | typedef struct __user_cap_header_struct { | 34 | typedef struct __user_cap_header_struct { |
35 | __u32 version; | 35 | __u32 version; |
36 | int pid; | 36 | int pid; |
37 | } __user *cap_user_header_t; | 37 | } __user *cap_user_header_t; |
38 | 38 | ||
39 | typedef struct __user_cap_data_struct { | 39 | typedef struct __user_cap_data_struct { |
40 | __u32 effective; | 40 | __u32 effective; |
41 | __u32 permitted; | 41 | __u32 permitted; |
42 | __u32 inheritable; | 42 | __u32 inheritable; |
43 | } __user *cap_user_data_t; | 43 | } __user *cap_user_data_t; |
44 | |||
45 | #ifdef __KERNEL__ | ||
46 | 44 | ||
47 | #include <asm/current.h> | 45 | #define XATTR_CAPS_SUFFIX "capability" |
46 | #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX | ||
47 | |||
48 | #define XATTR_CAPS_SZ (3*sizeof(__le32)) | ||
49 | #define VFS_CAP_REVISION_MASK 0xFF000000 | ||
50 | #define VFS_CAP_REVISION_1 0x01000000 | ||
51 | |||
52 | #define VFS_CAP_REVISION VFS_CAP_REVISION_1 | ||
53 | |||
54 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK | ||
55 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 | ||
56 | |||
57 | struct vfs_cap_data { | ||
58 | __u32 magic_etc; /* Little endian */ | ||
59 | struct { | ||
60 | __u32 permitted; /* Little endian */ | ||
61 | __u32 inheritable; /* Little endian */ | ||
62 | } data[1]; | ||
63 | }; | ||
64 | |||
65 | #ifdef __KERNEL__ | ||
48 | 66 | ||
49 | /* #define STRICT_CAP_T_TYPECHECKS */ | 67 | /* #define STRICT_CAP_T_TYPECHECKS */ |
50 | 68 | ||
@@ -59,7 +77,7 @@ typedef struct kernel_cap_struct { | |||
59 | typedef __u32 kernel_cap_t; | 77 | typedef __u32 kernel_cap_t; |
60 | 78 | ||
61 | #endif | 79 | #endif |
62 | 80 | ||
63 | #define _USER_CAP_HEADER_SIZE (2*sizeof(__u32)) | 81 | #define _USER_CAP_HEADER_SIZE (2*sizeof(__u32)) |
64 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) | 82 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) |
65 | 83 | ||
@@ -67,7 +85,7 @@ typedef __u32 kernel_cap_t; | |||
67 | 85 | ||
68 | 86 | ||
69 | /** | 87 | /** |
70 | ** POSIX-draft defined capabilities. | 88 | ** POSIX-draft defined capabilities. |
71 | **/ | 89 | **/ |
72 | 90 | ||
73 | /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this | 91 | /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this |
@@ -87,7 +105,7 @@ typedef __u32 kernel_cap_t; | |||
87 | defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ | 105 | defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ |
88 | 106 | ||
89 | #define CAP_DAC_READ_SEARCH 2 | 107 | #define CAP_DAC_READ_SEARCH 2 |
90 | 108 | ||
91 | /* Overrides all restrictions about allowed operations on files, where | 109 | /* Overrides all restrictions about allowed operations on files, where |
92 | file owner ID must be equal to the user ID, except where CAP_FSETID | 110 | file owner ID must be equal to the user ID, except where CAP_FSETID |
93 | is applicable. It doesn't override MAC and DAC restrictions. */ | 111 | is applicable. It doesn't override MAC and DAC restrictions. */ |
@@ -257,7 +275,7 @@ typedef __u32 kernel_cap_t; | |||
257 | /* Override reserved space on ext2 filesystem */ | 275 | /* Override reserved space on ext2 filesystem */ |
258 | /* Modify data journaling mode on ext3 filesystem (uses journaling | 276 | /* Modify data journaling mode on ext3 filesystem (uses journaling |
259 | resources) */ | 277 | resources) */ |
260 | /* NOTE: ext2 honors fsuid when checking for resource overrides, so | 278 | /* NOTE: ext2 honors fsuid when checking for resource overrides, so |
261 | you can override using fsuid too */ | 279 | you can override using fsuid too */ |
262 | /* Override size restrictions on IPC message queues */ | 280 | /* Override size restrictions on IPC message queues */ |
263 | /* Allow more than 64hz interrupts from the real-time clock */ | 281 | /* Allow more than 64hz interrupts from the real-time clock */ |
@@ -289,8 +307,10 @@ typedef __u32 kernel_cap_t; | |||
289 | 307 | ||
290 | #define CAP_AUDIT_CONTROL 30 | 308 | #define CAP_AUDIT_CONTROL 30 |
291 | 309 | ||
310 | #define CAP_SETFCAP 31 | ||
311 | |||
292 | #ifdef __KERNEL__ | 312 | #ifdef __KERNEL__ |
293 | /* | 313 | /* |
294 | * Bounding set | 314 | * Bounding set |
295 | */ | 315 | */ |
296 | extern kernel_cap_t cap_bset; | 316 | extern kernel_cap_t cap_bset; |
@@ -298,7 +318,7 @@ extern kernel_cap_t cap_bset; | |||
298 | /* | 318 | /* |
299 | * Internal kernel functions only | 319 | * Internal kernel functions only |
300 | */ | 320 | */ |
301 | 321 | ||
302 | #ifdef STRICT_CAP_T_TYPECHECKS | 322 | #ifdef STRICT_CAP_T_TYPECHECKS |
303 | 323 | ||
304 | #define to_cap_t(x) { x } | 324 | #define to_cap_t(x) { x } |
diff --git a/include/linux/fs.h b/include/linux/fs.h index 365586a4c4de..e3fc5dbb2246 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h | |||
@@ -329,6 +329,7 @@ typedef void (dio_iodone_t)(struct kiocb *iocb, loff_t offset, | |||
329 | #define ATTR_KILL_SUID 2048 | 329 | #define ATTR_KILL_SUID 2048 |
330 | #define ATTR_KILL_SGID 4096 | 330 | #define ATTR_KILL_SGID 4096 |
331 | #define ATTR_FILE 8192 | 331 | #define ATTR_FILE 8192 |
332 | #define ATTR_KILL_PRIV 16384 | ||
332 | 333 | ||
333 | /* | 334 | /* |
334 | * This is the Inode Attributes structure, used for notify_change(). It | 335 | * This is the Inode Attributes structure, used for notify_change(). It |
diff --git a/include/linux/security.h b/include/linux/security.h index a300a3f2fe68..df591d289ec9 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -51,8 +51,14 @@ extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe); | |||
51 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); | 51 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); |
52 | extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); | 52 | extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); |
53 | extern int cap_inode_removexattr(struct dentry *dentry, char *name); | 53 | extern int cap_inode_removexattr(struct dentry *dentry, char *name); |
54 | extern int cap_inode_need_killpriv(struct dentry *dentry); | ||
55 | extern int cap_inode_killpriv(struct dentry *dentry); | ||
54 | extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); | 56 | extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); |
55 | extern void cap_task_reparent_to_init (struct task_struct *p); | 57 | extern void cap_task_reparent_to_init (struct task_struct *p); |
58 | extern int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid); | ||
59 | extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp); | ||
60 | extern int cap_task_setioprio (struct task_struct *p, int ioprio); | ||
61 | extern int cap_task_setnice (struct task_struct *p, int nice); | ||
56 | extern int cap_syslog (int type); | 62 | extern int cap_syslog (int type); |
57 | extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); | 63 | extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); |
58 | 64 | ||
@@ -413,6 +419,18 @@ struct request_sock; | |||
413 | * is specified by @buffer_size. @buffer may be NULL to request | 419 | * is specified by @buffer_size. @buffer may be NULL to request |
414 | * the size of the buffer required. | 420 | * the size of the buffer required. |
415 | * Returns number of bytes used/required on success. | 421 | * Returns number of bytes used/required on success. |
422 | * @inode_need_killpriv: | ||
423 | * Called when an inode has been changed. | ||
424 | * @dentry is the dentry being changed. | ||
425 | * Return <0 on error to abort the inode change operation. | ||
426 | * Return 0 if inode_killpriv does not need to be called. | ||
427 | * Return >0 if inode_killpriv does need to be called. | ||
428 | * @inode_killpriv: | ||
429 | * The setuid bit is being removed. Remove similar security labels. | ||
430 | * Called with the dentry->d_inode->i_mutex held. | ||
431 | * @dentry is the dentry being changed. | ||
432 | * Return 0 on success. If error is returned, then the operation | ||
433 | * causing setuid bit removal is failed. | ||
416 | * | 434 | * |
417 | * Security hooks for file operations | 435 | * Security hooks for file operations |
418 | * | 436 | * |
@@ -1239,6 +1257,8 @@ struct security_operations { | |||
1239 | int (*inode_getxattr) (struct dentry *dentry, char *name); | 1257 | int (*inode_getxattr) (struct dentry *dentry, char *name); |
1240 | int (*inode_listxattr) (struct dentry *dentry); | 1258 | int (*inode_listxattr) (struct dentry *dentry); |
1241 | int (*inode_removexattr) (struct dentry *dentry, char *name); | 1259 | int (*inode_removexattr) (struct dentry *dentry, char *name); |
1260 | int (*inode_need_killpriv) (struct dentry *dentry); | ||
1261 | int (*inode_killpriv) (struct dentry *dentry); | ||
1242 | const char *(*inode_xattr_getsuffix) (void); | 1262 | const char *(*inode_xattr_getsuffix) (void); |
1243 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); | 1263 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); |
1244 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1264 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
@@ -1496,6 +1516,8 @@ void security_inode_post_setxattr(struct dentry *dentry, char *name, | |||
1496 | int security_inode_getxattr(struct dentry *dentry, char *name); | 1516 | int security_inode_getxattr(struct dentry *dentry, char *name); |
1497 | int security_inode_listxattr(struct dentry *dentry); | 1517 | int security_inode_listxattr(struct dentry *dentry); |
1498 | int security_inode_removexattr(struct dentry *dentry, char *name); | 1518 | int security_inode_removexattr(struct dentry *dentry, char *name); |
1519 | int security_inode_need_killpriv(struct dentry *dentry); | ||
1520 | int security_inode_killpriv(struct dentry *dentry); | ||
1499 | const char *security_inode_xattr_getsuffix(void); | 1521 | const char *security_inode_xattr_getsuffix(void); |
1500 | int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err); | 1522 | int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err); |
1501 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1523 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
@@ -1891,6 +1913,16 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name) | |||
1891 | return cap_inode_removexattr(dentry, name); | 1913 | return cap_inode_removexattr(dentry, name); |
1892 | } | 1914 | } |
1893 | 1915 | ||
1916 | static inline int security_inode_need_killpriv(struct dentry *dentry) | ||
1917 | { | ||
1918 | return cap_inode_need_killpriv(dentry); | ||
1919 | } | ||
1920 | |||
1921 | static inline int security_inode_killpriv(struct dentry *dentry) | ||
1922 | { | ||
1923 | return cap_inode_killpriv(dentry); | ||
1924 | } | ||
1925 | |||
1894 | static inline const char *security_inode_xattr_getsuffix (void) | 1926 | static inline const char *security_inode_xattr_getsuffix (void) |
1895 | { | 1927 | { |
1896 | return NULL ; | 1928 | return NULL ; |
@@ -2035,12 +2067,12 @@ static inline int security_task_setgroups (struct group_info *group_info) | |||
2035 | 2067 | ||
2036 | static inline int security_task_setnice (struct task_struct *p, int nice) | 2068 | static inline int security_task_setnice (struct task_struct *p, int nice) |
2037 | { | 2069 | { |
2038 | return 0; | 2070 | return cap_task_setnice(p, nice); |
2039 | } | 2071 | } |
2040 | 2072 | ||
2041 | static inline int security_task_setioprio (struct task_struct *p, int ioprio) | 2073 | static inline int security_task_setioprio (struct task_struct *p, int ioprio) |
2042 | { | 2074 | { |
2043 | return 0; | 2075 | return cap_task_setioprio(p, ioprio); |
2044 | } | 2076 | } |
2045 | 2077 | ||
2046 | static inline int security_task_getioprio (struct task_struct *p) | 2078 | static inline int security_task_getioprio (struct task_struct *p) |
@@ -2058,7 +2090,7 @@ static inline int security_task_setscheduler (struct task_struct *p, | |||
2058 | int policy, | 2090 | int policy, |
2059 | struct sched_param *lp) | 2091 | struct sched_param *lp) |
2060 | { | 2092 | { |
2061 | return 0; | 2093 | return cap_task_setscheduler(p, policy, lp); |
2062 | } | 2094 | } |
2063 | 2095 | ||
2064 | static inline int security_task_getscheduler (struct task_struct *p) | 2096 | static inline int security_task_getscheduler (struct task_struct *p) |
@@ -2075,7 +2107,7 @@ static inline int security_task_kill (struct task_struct *p, | |||
2075 | struct siginfo *info, int sig, | 2107 | struct siginfo *info, int sig, |
2076 | u32 secid) | 2108 | u32 secid) |
2077 | { | 2109 | { |
2078 | return 0; | 2110 | return cap_task_kill(p, info, sig, secid); |
2079 | } | 2111 | } |
2080 | 2112 | ||
2081 | static inline int security_task_wait (struct task_struct *p) | 2113 | static inline int security_task_wait (struct task_struct *p) |