> > no_nice = security_ops->task_ops->setnice(p, niceval);
> > if (p->uid != current->euid &&
> > p->uid != currnet->uid && no_nice) {
> > error = -EPERM;
> > .
> > .
> > }
> >
> > To something more like:
> >
> > no_nice = security_ops->task_ops->setnice(p, niceval);
> > if ( (p->uid != current->euid && p->uid != currnet->uid)
> > || no_nice != 0) {
> > error = no_nice;
> > .
> > .
> > }
>
> The dummy functions don't really provide much in the way of security. They
> fall some where between DAC and everybody is root. Stephen Smalley has
> suggested re-evaluating the dummy code and adding root checks to align with
> DAC. I am inclined to fix this in dummy_setnice rather than
> sys_setpriority.
I think the issue is that the logic is wrong (or unclear at the least.)
Currently it is saying:
if (you are rootish, own the process, or the module lets you) you can
renice things
And Roy suggests:
if ((you are rootish or own the process) AND (the module lets you)) you
can renice things.
Beyond even dummy stuff, it seems more useful (not to mention safer) to
rework the logic. This way one could write modules that would hamper root
(useful for trappin' baddies), instead of writing modules that allow huge
security holes.
-Titus
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 14:38:23 PDT