diff options
Diffstat (limited to 'security/commoncap.c')
-rw-r--r-- | security/commoncap.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index d7eff5797b91..d45393380997 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -8,6 +8,7 @@ | |||
8 | */ | 8 | */ |
9 | 9 | ||
10 | #include <linux/capability.h> | 10 | #include <linux/capability.h> |
11 | #include <linux/audit.h> | ||
11 | #include <linux/module.h> | 12 | #include <linux/module.h> |
12 | #include <linux/init.h> | 13 | #include <linux/init.h> |
13 | #include <linux/kernel.h> | 14 | #include <linux/kernel.h> |
@@ -376,6 +377,9 @@ int cap_bprm_set_security (struct linux_binprm *bprm) | |||
376 | 377 | ||
377 | void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) | 378 | void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) |
378 | { | 379 | { |
380 | kernel_cap_t pP = current->cap_permitted; | ||
381 | kernel_cap_t pE = current->cap_effective; | ||
382 | |||
379 | if (bprm->e_uid != current->uid || bprm->e_gid != current->gid || | 383 | if (bprm->e_uid != current->uid || bprm->e_gid != current->gid || |
380 | !cap_issubset(bprm->cap_post_exec_permitted, | 384 | !cap_issubset(bprm->cap_post_exec_permitted, |
381 | current->cap_permitted)) { | 385 | current->cap_permitted)) { |
@@ -409,7 +413,24 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) | |||
409 | cap_clear(current->cap_effective); | 413 | cap_clear(current->cap_effective); |
410 | } | 414 | } |
411 | 415 | ||
412 | /* AUD: Audit candidate if current->cap_effective is set */ | 416 | /* |
417 | * Audit candidate if current->cap_effective is set | ||
418 | * | ||
419 | * We do not bother to audit if 3 things are true: | ||
420 | * 1) cap_effective has all caps | ||
421 | * 2) we are root | ||
422 | * 3) root is supposed to have all caps (SECURE_NOROOT) | ||
423 | * Since this is just a normal root execing a process. | ||
424 | * | ||
425 | * Number 1 above might fail if you don't have a full bset, but I think | ||
426 | * that is interesting information to audit. | ||
427 | */ | ||
428 | if (!cap_isclear(current->cap_effective)) { | ||
429 | if (!cap_issubset(CAP_FULL_SET, current->cap_effective) || | ||
430 | (bprm->e_uid != 0) || (current->uid != 0) || | ||
431 | issecure(SECURE_NOROOT)) | ||
432 | audit_log_bprm_fcaps(bprm, &pP, &pE); | ||
433 | } | ||
413 | 434 | ||
414 | current->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); | 435 | current->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); |
415 | } | 436 | } |