aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/binfmts.h3
-rw-r--r--include/linux/capability.h48
-rw-r--r--include/linux/fs.h1
-rw-r--r--include/linux/security.h40
4 files changed, 73 insertions, 19 deletions
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 3a6512f8ec94..b7fc55ec8d48 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -37,7 +37,8 @@ struct linux_binprm{
37 int sh_bang; 37 int sh_bang;
38 struct file * file; 38 struct file * file;
39 int e_uid, e_gid; 39 int e_uid, e_gid;
40 kernel_cap_t cap_inheritable, cap_permitted, cap_effective; 40 kernel_cap_t cap_inheritable, cap_permitted;
41 bool cap_effective;
41 void *security; 42 void *security;
42 int argc, envc; 43 int argc, envc;
43 char * filename; /* Name of binary as seen by procps */ 44 char * filename; /* Name of binary as seen by procps */
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 2dfa58555934..8961e7fb755c 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -1,14 +1,14 @@
1/* 1/*
2 * This is <linux/capability.h> 2 * This is <linux/capability.h>
3 * 3 *
4 * Andrew G. Morgan <morgan@transmeta.com> 4 * Andrew G. Morgan <morgan@kernel.org>
5 * Alexander Kjeldaas <astor@guardian.no> 5 * Alexander Kjeldaas <astor@guardian.no>
6 * with help from Aleph1, Roland Buresund and Andrew Main. 6 * with help from Aleph1, Roland Buresund and Andrew Main.
7 * 7 *
8 * See here for the libcap library ("POSIX draft" compliance): 8 * See here for the libcap library ("POSIX draft" compliance):
9 * 9 *
10 * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/ 10 * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
11 */ 11 */
12 12
13#ifndef _LINUX_CAPABILITY_H 13#ifndef _LINUX_CAPABILITY_H
14#define _LINUX_CAPABILITY_H 14#define _LINUX_CAPABILITY_H
@@ -28,23 +28,41 @@ struct task_struct;
28 following structure to such a composite is better handled in a user 28 following structure to such a composite is better handled in a user
29 library since the draft standard requires the use of malloc/free 29 library since the draft standard requires the use of malloc/free
30 etc.. */ 30 etc.. */
31 31
32#define _LINUX_CAPABILITY_VERSION 0x19980330 32#define _LINUX_CAPABILITY_VERSION 0x19980330
33 33
34typedef struct __user_cap_header_struct { 34typedef struct __user_cap_header_struct {
35 __u32 version; 35 __u32 version;
36 int pid; 36 int pid;
37} __user *cap_user_header_t; 37} __user *cap_user_header_t;
38 38
39typedef struct __user_cap_data_struct { 39typedef struct __user_cap_data_struct {
40 __u32 effective; 40 __u32 effective;
41 __u32 permitted; 41 __u32 permitted;
42 __u32 inheritable; 42 __u32 inheritable;
43} __user *cap_user_data_t; 43} __user *cap_user_data_t;
44
45#ifdef __KERNEL__
46 44
47#include <asm/current.h> 45#define XATTR_CAPS_SUFFIX "capability"
46#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
47
48#define XATTR_CAPS_SZ (3*sizeof(__le32))
49#define VFS_CAP_REVISION_MASK 0xFF000000
50#define VFS_CAP_REVISION_1 0x01000000
51
52#define VFS_CAP_REVISION VFS_CAP_REVISION_1
53
54#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
55#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
56
57struct vfs_cap_data {
58 __u32 magic_etc; /* Little endian */
59 struct {
60 __u32 permitted; /* Little endian */
61 __u32 inheritable; /* Little endian */
62 } data[1];
63};
64
65#ifdef __KERNEL__
48 66
49/* #define STRICT_CAP_T_TYPECHECKS */ 67/* #define STRICT_CAP_T_TYPECHECKS */
50 68
@@ -59,7 +77,7 @@ typedef struct kernel_cap_struct {
59typedef __u32 kernel_cap_t; 77typedef __u32 kernel_cap_t;
60 78
61#endif 79#endif
62 80
63#define _USER_CAP_HEADER_SIZE (2*sizeof(__u32)) 81#define _USER_CAP_HEADER_SIZE (2*sizeof(__u32))
64#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) 82#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
65 83
@@ -67,7 +85,7 @@ typedef __u32 kernel_cap_t;
67 85
68 86
69/** 87/**
70 ** POSIX-draft defined capabilities. 88 ** POSIX-draft defined capabilities.
71 **/ 89 **/
72 90
73/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this 91/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
@@ -87,7 +105,7 @@ typedef __u32 kernel_cap_t;
87 defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ 105 defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
88 106
89#define CAP_DAC_READ_SEARCH 2 107#define CAP_DAC_READ_SEARCH 2
90 108
91/* Overrides all restrictions about allowed operations on files, where 109/* Overrides all restrictions about allowed operations on files, where
92 file owner ID must be equal to the user ID, except where CAP_FSETID 110 file owner ID must be equal to the user ID, except where CAP_FSETID
93 is applicable. It doesn't override MAC and DAC restrictions. */ 111 is applicable. It doesn't override MAC and DAC restrictions. */
@@ -257,7 +275,7 @@ typedef __u32 kernel_cap_t;
257/* Override reserved space on ext2 filesystem */ 275/* Override reserved space on ext2 filesystem */
258/* Modify data journaling mode on ext3 filesystem (uses journaling 276/* Modify data journaling mode on ext3 filesystem (uses journaling
259 resources) */ 277 resources) */
260/* NOTE: ext2 honors fsuid when checking for resource overrides, so 278/* NOTE: ext2 honors fsuid when checking for resource overrides, so
261 you can override using fsuid too */ 279 you can override using fsuid too */
262/* Override size restrictions on IPC message queues */ 280/* Override size restrictions on IPC message queues */
263/* Allow more than 64hz interrupts from the real-time clock */ 281/* Allow more than 64hz interrupts from the real-time clock */
@@ -289,8 +307,10 @@ typedef __u32 kernel_cap_t;
289 307
290#define CAP_AUDIT_CONTROL 30 308#define CAP_AUDIT_CONTROL 30
291 309
310#define CAP_SETFCAP 31
311
292#ifdef __KERNEL__ 312#ifdef __KERNEL__
293/* 313/*
294 * Bounding set 314 * Bounding set
295 */ 315 */
296extern kernel_cap_t cap_bset; 316extern kernel_cap_t cap_bset;
@@ -298,7 +318,7 @@ extern kernel_cap_t cap_bset;
298/* 318/*
299 * Internal kernel functions only 319 * Internal kernel functions only
300 */ 320 */
301 321
302#ifdef STRICT_CAP_T_TYPECHECKS 322#ifdef STRICT_CAP_T_TYPECHECKS
303 323
304#define to_cap_t(x) { x } 324#define to_cap_t(x) { x }
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 365586a4c4de..e3fc5dbb2246 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -329,6 +329,7 @@ typedef void (dio_iodone_t)(struct kiocb *iocb, loff_t offset,
329#define ATTR_KILL_SUID 2048 329#define ATTR_KILL_SUID 2048
330#define ATTR_KILL_SGID 4096 330#define ATTR_KILL_SGID 4096
331#define ATTR_FILE 8192 331#define ATTR_FILE 8192
332#define ATTR_KILL_PRIV 16384
332 333
333/* 334/*
334 * This is the Inode Attributes structure, used for notify_change(). It 335 * This is the Inode Attributes structure, used for notify_change(). It
diff --git a/include/linux/security.h b/include/linux/security.h
index a300a3f2fe68..df591d289ec9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -51,8 +51,14 @@ extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe);
51extern int cap_bprm_secureexec(struct linux_binprm *bprm); 51extern int cap_bprm_secureexec(struct linux_binprm *bprm);
52extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); 52extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags);
53extern int cap_inode_removexattr(struct dentry *dentry, char *name); 53extern int cap_inode_removexattr(struct dentry *dentry, char *name);
54extern int cap_inode_need_killpriv(struct dentry *dentry);
55extern int cap_inode_killpriv(struct dentry *dentry);
54extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); 56extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
55extern void cap_task_reparent_to_init (struct task_struct *p); 57extern void cap_task_reparent_to_init (struct task_struct *p);
58extern int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid);
59extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp);
60extern int cap_task_setioprio (struct task_struct *p, int ioprio);
61extern int cap_task_setnice (struct task_struct *p, int nice);
56extern int cap_syslog (int type); 62extern int cap_syslog (int type);
57extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); 63extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
58 64
@@ -413,6 +419,18 @@ struct request_sock;
413 * is specified by @buffer_size. @buffer may be NULL to request 419 * is specified by @buffer_size. @buffer may be NULL to request
414 * the size of the buffer required. 420 * the size of the buffer required.
415 * Returns number of bytes used/required on success. 421 * Returns number of bytes used/required on success.
422 * @inode_need_killpriv:
423 * Called when an inode has been changed.
424 * @dentry is the dentry being changed.
425 * Return <0 on error to abort the inode change operation.
426 * Return 0 if inode_killpriv does not need to be called.
427 * Return >0 if inode_killpriv does need to be called.
428 * @inode_killpriv:
429 * The setuid bit is being removed. Remove similar security labels.
430 * Called with the dentry->d_inode->i_mutex held.
431 * @dentry is the dentry being changed.
432 * Return 0 on success. If error is returned, then the operation
433 * causing setuid bit removal is failed.
416 * 434 *
417 * Security hooks for file operations 435 * Security hooks for file operations
418 * 436 *
@@ -1239,6 +1257,8 @@ struct security_operations {
1239 int (*inode_getxattr) (struct dentry *dentry, char *name); 1257 int (*inode_getxattr) (struct dentry *dentry, char *name);
1240 int (*inode_listxattr) (struct dentry *dentry); 1258 int (*inode_listxattr) (struct dentry *dentry);
1241 int (*inode_removexattr) (struct dentry *dentry, char *name); 1259 int (*inode_removexattr) (struct dentry *dentry, char *name);
1260 int (*inode_need_killpriv) (struct dentry *dentry);
1261 int (*inode_killpriv) (struct dentry *dentry);
1242 const char *(*inode_xattr_getsuffix) (void); 1262 const char *(*inode_xattr_getsuffix) (void);
1243 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); 1263 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1244 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1264 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
@@ -1496,6 +1516,8 @@ void security_inode_post_setxattr(struct dentry *dentry, char *name,
1496int security_inode_getxattr(struct dentry *dentry, char *name); 1516int security_inode_getxattr(struct dentry *dentry, char *name);
1497int security_inode_listxattr(struct dentry *dentry); 1517int security_inode_listxattr(struct dentry *dentry);
1498int security_inode_removexattr(struct dentry *dentry, char *name); 1518int security_inode_removexattr(struct dentry *dentry, char *name);
1519int security_inode_need_killpriv(struct dentry *dentry);
1520int security_inode_killpriv(struct dentry *dentry);
1499const char *security_inode_xattr_getsuffix(void); 1521const char *security_inode_xattr_getsuffix(void);
1500int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err); 1522int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1501int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1523int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
@@ -1891,6 +1913,16 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
1891 return cap_inode_removexattr(dentry, name); 1913 return cap_inode_removexattr(dentry, name);
1892} 1914}
1893 1915
1916static inline int security_inode_need_killpriv(struct dentry *dentry)
1917{
1918 return cap_inode_need_killpriv(dentry);
1919}
1920
1921static inline int security_inode_killpriv(struct dentry *dentry)
1922{
1923 return cap_inode_killpriv(dentry);
1924}
1925
1894static inline const char *security_inode_xattr_getsuffix (void) 1926static inline const char *security_inode_xattr_getsuffix (void)
1895{ 1927{
1896 return NULL ; 1928 return NULL ;
@@ -2035,12 +2067,12 @@ static inline int security_task_setgroups (struct group_info *group_info)
2035 2067
2036static inline int security_task_setnice (struct task_struct *p, int nice) 2068static inline int security_task_setnice (struct task_struct *p, int nice)
2037{ 2069{
2038 return 0; 2070 return cap_task_setnice(p, nice);
2039} 2071}
2040 2072
2041static inline int security_task_setioprio (struct task_struct *p, int ioprio) 2073static inline int security_task_setioprio (struct task_struct *p, int ioprio)
2042{ 2074{
2043 return 0; 2075 return cap_task_setioprio(p, ioprio);
2044} 2076}
2045 2077
2046static inline int security_task_getioprio (struct task_struct *p) 2078static inline int security_task_getioprio (struct task_struct *p)
@@ -2058,7 +2090,7 @@ static inline int security_task_setscheduler (struct task_struct *p,
2058 int policy, 2090 int policy,
2059 struct sched_param *lp) 2091 struct sched_param *lp)
2060{ 2092{
2061 return 0; 2093 return cap_task_setscheduler(p, policy, lp);
2062} 2094}
2063 2095
2064static inline int security_task_getscheduler (struct task_struct *p) 2096static inline int security_task_getscheduler (struct task_struct *p)
@@ -2075,7 +2107,7 @@ static inline int security_task_kill (struct task_struct *p,
2075 struct siginfo *info, int sig, 2107 struct siginfo *info, int sig,
2076 u32 secid) 2108 u32 secid)
2077{ 2109{
2078 return 0; 2110 return cap_task_kill(p, info, sig, secid);
2079} 2111}
2080 2112
2081static inline int security_task_wait (struct task_struct *p) 2113static inline int security_task_wait (struct task_struct *p)