Re: sys_setpriority error

• Previous message: David Wagner: "Re: sys_setpriority error"
• In reply to: Stephen Smalley: "Re: sys_setpriority error"
• Reply: jmjonesat_private: "Re: sys_setpriority error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Stephen Smalley (sdsat_private) wrote:
> 
> > The dummy functions don't really provide much in the way of security.  They
> > fall some where between DAC and everybody is root.  Stephen Smalley has
> > suggested re-evaluating the dummy code and adding root checks to align with
> > DAC.  I am inclined to fix this in dummy_setnice rather than
> > sys_setpriority.
> 
> This doesn't fix the setpriority problem, as others have mentioned.
> However, it does need to be addressed in the dummy code.  I also had to
> address this issue in the SELinux module code so that a LSM kernel with
> the SELinux module provides both the traditional root checks and the
> SELinux checks.  See the root checks in the task_has_capability() function
> in the attached file.  This function is called by each of the hooks that 
> corresponds to a capability check (with a few exceptions due to confusion
> over whether the hook is supposed to be "authoritative" or "override").
> Likewise, each of the dummy hooks that corresponds to a capability check
> should call a function to perform these root checks so that a kernel
> built without any security modules provides reasonable behavior.

I've made the change already to the dummy_capable() hook to check super
user.  I'll work on upgrading the rest of the capable derviative dummy hooks
to use this check.

> Also, the dummy code either needs to implement traditional setuid/setgid
> program handling in the compute_creds hook (as in both the capabilities
> plug and the SELinux module), or we need to restore the base kernel
> compute_creds function with that processing (in which case it would
> call the hook, and the current hook calls would be restored to
> calling the base kernel function), as I've previously suggested.
> As the LSM patch currently exists, setuid/setgid program execution
> doesn't work when no modules are enabled.

This is a known issue.  I'm inclined to implement a dummy version only
because I don't have a good idea of how to make a meaningful separation in
compute_creds so that it can be left in the kernel.  

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "Re: sys_setpriority error"
• Previous message: David Wagner: "Re: sys_setpriority error"
• In reply to: Stephen Smalley: "Re: sys_setpriority error"
• Reply: jmjonesat_private: "Re: sys_setpriority error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 31 2001 - 11:03:31 PDT