This patch against 2.6.9 adds a DAC ownership check to the existing MAC
permission checks when setting the security.selinux attribute via
setxattr. In the past, the MAC permission checks were viewed as
sufficient for controlling relabeling operations, but experience in the
Fedora SELinux integration has shown that a DAC check is also
appropriate here, particularly under targeted policy. Please apply.
Signed-off-by: Stephen Smalley <[email protected]>
security/selinux/hooks.c | 3 +++
1 files changed, 3 insertions(+)
--- linux-2.6.9/security/selinux/hooks.c.orig 2004-10-20 10:32:18.653598056 -0400
+++ linux-2.6.9/security/selinux/hooks.c 2004-10-20 10:32:39.712396632 -0400
@@ -2243,6 +2243,9 @@ static int selinux_inode_setxattr(struct
if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
return -EOPNOTSUPP;
+ if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+ return -EPERM;
+
AVC_AUDIT_DATA_INIT(&ad,FS);
ad.u.fs.dentry = dentry;
--
Stephen Smalley <[email protected]>
National Security Agency