Huagang Xie wrote:
> 2) Capability Hooker, capable() in include/linux/sched.h.
In the full POSIX.1e capability patch, I've removed this 'inline'
function from the header and exported it as a module visible function.
This was needed because we (cabal of interested parties from the
linux-privs list) met at SGI one afternoon and thrashed out how to clean
up and complete the capability implementation and realized that the
capable() call needed to contain: 1. and auditing hook and 2. more
control logic. The code bloat aspects of all this at every location
throughout the kernel made un-inlining decision easy.
If you want to make this function hookable, I strongly recommend you do
the same.
And while we're on the subject of potentially supporting full capability
support in the kernel (strange I keep mentioning it!) I think you need
to abstract these lines:
fs/exec.c:
/* We don't have VFS support for capabilities yet */
cap_clear(bprm->cap_inheritable);
cap_clear(bprm->cap_permitted);
cap_clear(bprm->cap_effective);
/* To support inheritance of root-permissions and suid-root
* executables under compatibility mode, we raise all three
* capability sets for the file.
*
* If only the real uid is 0, we only raise the inheritable
* and permitted sets of the executable file.
*/
if (!issecure(SECURE_NOROOT)) {
if (bprm->e_uid == 0 || current->uid == 0) {
cap_set_full(bprm->cap_inheritable);
cap_set_full(bprm->cap_permitted);
}
if (bprm->e_uid == 0)
cap_set_full(bprm->cap_effective);
}
into a new (hookable) function. In my kernel patch, they've become:
retval = vfs_cap_get_dentry(bprm->dentry, &bprm->cap);
if (retval) {
return -EPERM;
}
which emulates the 'tidied up' version of the old code in the case that
the local filesystem does not support capabilities.
Cheers
Andrew
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 08:42:53 PDT