diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig | 9 | ||||
| -rw-r--r-- | security/commoncap.c | 72 |
2 files changed, 2 insertions, 79 deletions
diff --git a/security/Kconfig b/security/Kconfig index 95cc08913ca1..226b9556b25f 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -91,15 +91,6 @@ config SECURITY_PATH | |||
| 91 | implement pathname based access controls. | 91 | implement pathname based access controls. |
| 92 | If you are unsure how to answer this question, answer N. | 92 | If you are unsure how to answer this question, answer N. |
| 93 | 93 | ||
| 94 | config SECURITY_FILE_CAPABILITIES | ||
| 95 | bool "File POSIX Capabilities" | ||
| 96 | default n | ||
| 97 | help | ||
| 98 | This enables filesystem capabilities, allowing you to give | ||
| 99 | binaries a subset of root's powers without using setuid 0. | ||
| 100 | |||
| 101 | If in doubt, answer N. | ||
| 102 | |||
| 103 | config INTEL_TXT | 94 | config INTEL_TXT |
| 104 | bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" | 95 | bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" |
| 105 | depends on HAVE_INTEL_TXT | 96 | depends on HAVE_INTEL_TXT |
diff --git a/security/commoncap.c b/security/commoncap.c index 45b87af4ae5d..f800fdb3de94 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -173,7 +173,6 @@ int cap_capget(struct task_struct *target, kernel_cap_t *effective, | |||
| 173 | */ | 173 | */ |
| 174 | static inline int cap_inh_is_capped(void) | 174 | static inline int cap_inh_is_capped(void) |
| 175 | { | 175 | { |
| 176 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 177 | 176 | ||
| 178 | /* they are so limited unless the current task has the CAP_SETPCAP | 177 | /* they are so limited unless the current task has the CAP_SETPCAP |
| 179 | * capability | 178 | * capability |
| @@ -181,7 +180,6 @@ static inline int cap_inh_is_capped(void) | |||
| 181 | if (cap_capable(current, current_cred(), CAP_SETPCAP, | 180 | if (cap_capable(current, current_cred(), CAP_SETPCAP, |
| 182 | SECURITY_CAP_AUDIT) == 0) | 181 | SECURITY_CAP_AUDIT) == 0) |
| 183 | return 0; | 182 | return 0; |
| 184 | #endif | ||
| 185 | return 1; | 183 | return 1; |
| 186 | } | 184 | } |
| 187 | 185 | ||
| @@ -239,8 +237,6 @@ static inline void bprm_clear_caps(struct linux_binprm *bprm) | |||
| 239 | bprm->cap_effective = false; | 237 | bprm->cap_effective = false; |
| 240 | } | 238 | } |
| 241 | 239 | ||
| 242 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 243 | |||
| 244 | /** | 240 | /** |
| 245 | * cap_inode_need_killpriv - Determine if inode change affects privileges | 241 | * cap_inode_need_killpriv - Determine if inode change affects privileges |
| 246 | * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV | 242 | * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV |
| @@ -421,49 +417,6 @@ out: | |||
| 421 | return rc; | 417 | return rc; |
| 422 | } | 418 | } |
| 423 | 419 | ||
| 424 | #else | ||
| 425 | int cap_inode_need_killpriv(struct dentry *dentry) | ||
| 426 | { | ||
| 427 | return 0; | ||
| 428 | } | ||
| 429 | |||
| 430 | int cap_inode_killpriv(struct dentry *dentry) | ||
| 431 | { | ||
| 432 | return 0; | ||
| 433 | } | ||
| 434 | |||
| 435 | int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) | ||
| 436 | { | ||
| 437 | memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); | ||
| 438 | return -ENODATA; | ||
| 439 | } | ||
| 440 | |||
| 441 | static inline int get_file_caps(struct linux_binprm *bprm, bool *effective) | ||
| 442 | { | ||
| 443 | bprm_clear_caps(bprm); | ||
| 444 | return 0; | ||
| 445 | } | ||
| 446 | #endif | ||
| 447 | |||
| 448 | /* | ||
| 449 | * Determine whether a exec'ing process's new permitted capabilities should be | ||
| 450 | * limited to just what it already has. | ||
| 451 | * | ||
| 452 | * This prevents processes that are being ptraced from gaining access to | ||
| 453 | * CAP_SETPCAP, unless the process they're tracing already has it, and the | ||
| 454 | * binary they're executing has filecaps that elevate it. | ||
| 455 | * | ||
| 456 | * Returns 1 if they should be limited, 0 if they are not. | ||
| 457 | */ | ||
| 458 | static inline int cap_limit_ptraced_target(void) | ||
| 459 | { | ||
| 460 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 461 | if (capable(CAP_SETPCAP)) | ||
| 462 | return 0; | ||
| 463 | #endif | ||
| 464 | return 1; | ||
| 465 | } | ||
| 466 | |||
| 467 | /** | 420 | /** |
| 468 | * cap_bprm_set_creds - Set up the proposed credentials for execve(). | 421 | * cap_bprm_set_creds - Set up the proposed credentials for execve(). |
| 469 | * @bprm: The execution parameters, including the proposed creds | 422 | * @bprm: The execution parameters, including the proposed creds |
| @@ -523,9 +476,8 @@ skip: | |||
| 523 | new->euid = new->uid; | 476 | new->euid = new->uid; |
| 524 | new->egid = new->gid; | 477 | new->egid = new->gid; |
| 525 | } | 478 | } |
| 526 | if (cap_limit_ptraced_target()) | 479 | new->cap_permitted = cap_intersect(new->cap_permitted, |
| 527 | new->cap_permitted = cap_intersect(new->cap_permitted, | 480 | old->cap_permitted); |
| 528 | old->cap_permitted); | ||
| 529 | } | 481 | } |
| 530 | 482 | ||
| 531 | new->suid = new->fsuid = new->euid; | 483 | new->suid = new->fsuid = new->euid; |
| @@ -739,7 +691,6 @@ int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags) | |||
| 739 | return 0; | 691 | return 0; |
| 740 | } | 692 | } |
| 741 | 693 | ||
| 742 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 743 | /* | 694 | /* |
| 744 | * Rationale: code calling task_setscheduler, task_setioprio, and | 695 | * Rationale: code calling task_setscheduler, task_setioprio, and |
| 745 | * task_setnice, assumes that | 696 | * task_setnice, assumes that |
| @@ -820,22 +771,6 @@ static long cap_prctl_drop(struct cred *new, unsigned long cap) | |||
| 820 | return 0; | 771 | return 0; |
| 821 | } | 772 | } |
| 822 | 773 | ||
| 823 | #else | ||
| 824 | int cap_task_setscheduler (struct task_struct *p, int policy, | ||
| 825 | struct sched_param *lp) | ||
| 826 | { | ||
| 827 | return 0; | ||
| 828 | } | ||
| 829 | int cap_task_setioprio (struct task_struct *p, int ioprio) | ||
| 830 | { | ||
| 831 | return 0; | ||
| 832 | } | ||
| 833 | int cap_task_setnice (struct task_struct *p, int nice) | ||
| 834 | { | ||
| 835 | return 0; | ||
| 836 | } | ||
| 837 | #endif | ||
| 838 | |||
| 839 | /** | 774 | /** |
| 840 | * cap_task_prctl - Implement process control functions for this security module | 775 | * cap_task_prctl - Implement process control functions for this security module |
| 841 | * @option: The process control function requested | 776 | * @option: The process control function requested |
| @@ -866,7 +801,6 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
| 866 | error = !!cap_raised(new->cap_bset, arg2); | 801 | error = !!cap_raised(new->cap_bset, arg2); |
| 867 | goto no_change; | 802 | goto no_change; |
| 868 | 803 | ||
| 869 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | ||
| 870 | case PR_CAPBSET_DROP: | 804 | case PR_CAPBSET_DROP: |
| 871 | error = cap_prctl_drop(new, arg2); | 805 | error = cap_prctl_drop(new, arg2); |
| 872 | if (error < 0) | 806 | if (error < 0) |
| @@ -917,8 +851,6 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
| 917 | error = new->securebits; | 851 | error = new->securebits; |
| 918 | goto no_change; | 852 | goto no_change; |
| 919 | 853 | ||
| 920 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
| 921 | |||
| 922 | case PR_GET_KEEPCAPS: | 854 | case PR_GET_KEEPCAPS: |
| 923 | if (issecure(SECURE_KEEP_CAPS)) | 855 | if (issecure(SECURE_KEEP_CAPS)) |
| 924 | error = 1; | 856 | error = 1; |