This patch allows LSM modules to determine whether current process is in an
execve operation or not so that they can behave differently while an execve
operation is in progress.
This allows TOMOYO to dispense with a readability check on a file to be
executed under the process's current credentials, and to do it instead under
the proposed credentials.
This is required with the new COW credentials because TOMOYO is no longer
allowed to mark the state temporarily in the security struct attached to the
task_struct.
Signed-off-by: Tetsuo Handa <[email protected]>
Signed-off-by: David Howells <[email protected]>
---
fs/compat.c | 3 +++
fs/exec.c | 3 +++
include/linux/sched.h | 2 ++
3 files changed, 8 insertions(+)
--- linux-2.6.28-rc2-mm1.orig/fs/compat.c
+++ linux-2.6.28-rc2-mm1/fs/compat.c
@@ -1396,6 +1396,7 @@ int compat_do_execve(char * filename,
retval = mutex_lock_interruptible(¤t->cred_exec_mutex);
if (retval < 0)
goto out_free;
+ current->in_execve = 1;
retval = -ENOMEM;
bprm->cred = prepare_exec_creds();
@@ -1448,6 +1449,7 @@ int compat_do_execve(char * filename,
goto out;
/* execve succeeded */
+ current->in_execve = 0;
mutex_unlock(¤t->cred_exec_mutex);
acct_update_integrals(current);
free_bprm(bprm);
@@ -1464,6 +1466,7 @@ out_file:
}
out_unlock:
+ current->in_execve = 0;
mutex_unlock(¤t->cred_exec_mutex);
out_free:
--- linux-2.6.28-rc2-mm1.orig/fs/exec.c
+++ linux-2.6.28-rc2-mm1/fs/exec.c
@@ -1301,6 +1301,7 @@ int do_execve(char * filename,
retval = mutex_lock_interruptible(¤t->cred_exec_mutex);
if (retval < 0)
goto out_free;
+ current->in_execve = 1;
retval = -ENOMEM;
bprm->cred = prepare_exec_creds();
@@ -1354,6 +1355,7 @@ int do_execve(char * filename,
goto out;
/* execve succeeded */
+ current->in_execve = 0;
mutex_unlock(¤t->cred_exec_mutex);
acct_update_integrals(current);
free_bprm(bprm);
@@ -1372,6 +1374,7 @@ out_file:
}
out_unlock:
+ current->in_execve = 0;
mutex_unlock(¤t->cred_exec_mutex);
out_free:
--- linux-2.6.28-rc2-mm1.orig/include/linux/sched.h
+++ linux-2.6.28-rc2-mm1/include/linux/sched.h
@@ -1095,6 +1095,8 @@ struct task_struct {
/* ??? */
unsigned int personality;
unsigned did_exec:1;
+ unsigned in_execve:1; /* Tell the LSMs that the process is doing an
+ * execve */
pid_t pid;
pid_t tgid;
--
On Tue, 04 Nov 2008 15:08:49 +0900
Kentaro Takeda <[email protected]> wrote:
> This patch allows LSM modules to determine whether current process is in an
> execve operation or not so that they can behave differently while an execve
> operation is in progress.
>
> This allows TOMOYO to dispense with a readability check on a file to be
> executed under the process's current credentials, and to do it instead under
> the proposed credentials.
>
> This is required with the new COW credentials because TOMOYO is no longer
> allowed to mark the state temporarily in the security struct attached to the
> task_struct.
None of this patch applied. It seems that some credentials code has
disappeared from linux-next. So I took a bet shot at reimplementing it
- please check.
If/when that code gets restored to linux-next I get to fix the patch
again. It's a bit of collateral damage whcih happens when people muck
up their trees.
fs/compat.c | 3 +++
fs/exec.c | 3 +++
include/linux/sched.h | 2 ++
3 files changed, 8 insertions(+)
diff -puN fs/compat.c~tomoyo-add-in_execve-flag-into-task_struct fs/compat.c
--- a/fs/compat.c~tomoyo-add-in_execve-flag-into-task_struct
+++ a/fs/compat.c
@@ -1388,6 +1388,7 @@ int compat_do_execve(char * filename,
struct file *file;
int retval;
+ current->in_execve = 1;
retval = -ENOMEM;
bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);
if (!bprm)
@@ -1440,6 +1441,7 @@ int compat_do_execve(char * filename,
retval = search_binary_handler(bprm, regs);
if (retval >= 0) {
/* execve success */
+ current->in_execve = 0;
security_bprm_free(bprm);
acct_update_integrals(current);
free_bprm(bprm);
@@ -1464,6 +1466,7 @@ out_kfree:
free_bprm(bprm);
out_ret:
+ current->in_execve = 0;
return retval;
}
diff -puN fs/exec.c~tomoyo-add-in_execve-flag-into-task_struct fs/exec.c
--- a/fs/exec.c~tomoyo-add-in_execve-flag-into-task_struct
+++ a/fs/exec.c
@@ -1268,6 +1268,7 @@ int do_execve(char * filename,
struct files_struct *displaced;
int retval;
+ current->in_execve = 1;
retval = unshare_files(&displaced);
if (retval)
goto out_ret;
@@ -1325,6 +1326,7 @@ int do_execve(char * filename,
retval = search_binary_handler(bprm,regs);
if (retval >= 0) {
/* execve success */
+ current->in_execve = 0;
security_bprm_free(bprm);
acct_update_integrals(current);
free_bprm(bprm);
@@ -1353,6 +1355,7 @@ out_files:
if (displaced)
reset_files_struct(displaced);
out_ret:
+ current->in_execve = 0;
return retval;
}
diff -puN include/linux/sched.h~tomoyo-add-in_execve-flag-into-task_struct include/linux/sched.h
--- a/include/linux/sched.h~tomoyo-add-in_execve-flag-into-task_struct
+++ a/include/linux/sched.h
@@ -1130,6 +1130,8 @@ struct task_struct {
/* ??? */
unsigned int personality;
unsigned did_exec:1;
+ unsigned in_execve:1; /* Tell the LSMs that the process is doing an
+ * execve */
pid_t pid;
pid_t tgid;
_