2005-01-05 00:08:12

by Chris Wright

Subject: [PATCH] track capabilities in default dummy security module code

Switch dummy logic around to set cap_* bits during exec and set*uid based
on basic uid check. Then check cap_* bits during capable() (rather than
doing basic uid check). This ensures that capability bits are properly
initialized in case the capability module is later loaded.

Signed-off-by: Chris Wright <[email protected]>

===== security/dummy.c 1.49 vs edited =====
--- 1.49/security/dummy.c 2005-01-03 15:49:14 -08:00
+++ edited/security/dummy.c 2005-01-04 13:14:10 -08:00
@@ -74,11 +74,8 @@ static int dummy_acct (struct file *file

static int dummy_capable (struct task_struct *tsk, int cap)
{
- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
- /* capability granted */
+ if (cap_raised (tsk->cap_effective, cap))
return 0;
-
- /* capability denied */
return -EPERM;
}

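Review bot: The fs/non-fs distinction the old test made in dummy_capable (cap_is_fs_cap(cap) selecting tsk->fsuid over tsk->euid) is no longer visible here, so the result now depends entirely on tsk->cap_effective having been recomputed after every euid or fsuid change. Both explanatory comments were removed along with the test. I'd add a comment above the cap_raised() check stating that the bits are derived from the uid checks at exec and set*uid time, and confirm that a task which has not yet gone through either path still carries correct bits.
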
@@ -183,6 +180,7 @@ static int dummy_bprm_alloc_security (st

static void dummy_bprm_free_security (struct linux_binprm *bprm)
{
+ dummy_capget(current, &current->cap_effective, &current->cap_inheritable, &current->cap_permitted);
return;
}

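Review bot: dummy_bprm_free_security is the wrong hook for the exec-time recalculation: a free hook should only release bprm state, and the added line rewrites current's cap_effective, cap_inheritable and cap_permitted from it. The call belongs in dummy_bprm_apply_creds, after the uid and gid assignments, which is where the follow-up patch in this thread moves it.
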
@@ -558,6 +556,7 @@ static int dummy_task_setuid (uid_t id0,

static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
{
+ dummy_capget(current, &current->cap_effective, &current->cap_inheritable, &current->cap_permitted);
return 0;
}

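Review bot: Style point on the added line in dummy_task_post_setuid: it runs well past 80 columns, it is the same call as the one added for exec, and using a function named dummy_capget to write into current's own fields is not self-explanatory. A small static helper (for example a hypothetically named dummy_recompute_caps(struct task_struct *)) would wrap the call once and give the operation a descriptive name. The call also ignores the flags argument, so a short comment saying the recalculation is intentionally unconditional for every set*uid variant would help.
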

2005-01-04 23:46:41

by Chris Wright

Subject: Re: [PATCH] track capabilities in default dummy security module code

* Chris Wright ([email protected]) wrote:
> Switch dummy logic around to set cap_* bits during exec and set*uid based
> on basic uid check. Then check cap_* bits during capable() (rather than
> doing basic uid check). This ensures that capability bits are properly
> initialized in case the capability module is later loaded.

OK, somehow I managed to botch this one. It happens to work fine, but I
should have been more careful with forward porting this 1+ year old patch.
The exec-time calc should go in bprm_apply_creds, not bprm_free_security.
Thanks to Stephen for spotting my mistake.

Signed-off-by: Chris Wright <[email protected]>

===== security/dummy.c 1.50 vs edited =====
--- 1.50/security/dummy.c 2005-01-04 13:14:10 -08:00
+++ edited/security/dummy.c 2005-01-04 14:45:31 -08:00
@@ -180,7 +180,6 @@ static int dummy_bprm_alloc_security (st

static void dummy_bprm_free_security (struct linux_binprm *bprm)
{
- dummy_capget(current, &current->cap_effective, &current->cap_inheritable, &current->cap_permitted);
return;
}

@@ -197,6 +196,8 @@ static void dummy_bprm_apply_creds (stru

current->suid = current->euid = current->fsuid = bprm->e_uid;
current->sgid = current->egid = current->fsgid = bprm->e_gid;
+
+ dummy_capget(current, &current->cap_effective, &current->cap_inheritable, &current->cap_permitted);
}

static int dummy_bprm_set_security (struct linux_binprm *bprm)
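
Review bot: The added dummy_capget call at the end of dummy_bprm_apply_creds only gives the intended result because it runs after the two assignments that set euid/fsuid and egid/fsgid from bprm, and nothing in the code says so. Going by the commit message, the cap_* bits are set from a basic uid check, so a one-line comment above the call (that the bits are recomputed from the new ids and must stay after those assignments) would keep a later reorder from quietly computing them from the old ids.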