Re: Capability tests in netlink and oom_kill

• Previous message: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• In reply to: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Next in thread: Greg KH: "Re: Capability tests in netlink and oom_kill"
• Reply: Greg KH: "Re: Capability tests in netlink and oom_kill"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 21 Aug 2001, Stephen Smalley wrote:

> The other option would be to leave the separate uid 0 and euid 0
> tests in the base kernel, only replacing the capability test
> itself with a security_ops->capable call.  That would solve the
> problem while preserving the current semantics.  However, it 
> would also leave the uid/euid 0 tests hardcoded in the kernel,
> so superuser processes would still be less likely to be killed
> by oom_kill than other processes.

I've attached a new version of the oom_kill patch that only
replaces the capability tests and leaves the uid tests alone.
This patch does address my original concern (ensuring that we
do not grant processes unauthorized privileges when the 
capabilities module is disabled), and it preserves the original
semantics.

I can commit this patch tomorrow if there aren't objections.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private





diff -X /home/sds/dontdiff -ru lsm-wirex/mm/oom_kill.c lsm/mm/oom_kill.c
--- lsm-wirex/mm/oom_kill.c	Fri Aug 17 09:21:49 2001
+++ lsm/mm/oom_kill.c	Tue Aug 21 15:36:34 2001
@@ -89,7 +89,7 @@
 	 * Superuser processes are usually more important, so we make it
 	 * less likely that we kill those.
 	 */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
+	if (!security_ops->capable(p,CAP_SYS_ADMIN) ||
 				p->uid == 0 || p->euid == 0)
 		points /= 4;
 
@@ -99,7 +99,7 @@
 	 * tend to only have this flag set on applications they think
 	 * of as important.
 	 */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
+	if (!security_ops->capable(p,CAP_SYS_RAWIO))
 		points /= 4;
 #ifdef DEBUG
 	printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
@@ -153,7 +153,7 @@
 	p->flags |= PF_MEMALLOC;
 
 	/* This process has hardware access, be more careful. */
-	if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO)) {
+	if (!security_ops->capable(p,CAP_SYS_RAWIO)) {
 		force_sig(SIGTERM, p);
 	} else {
 		force_sig(SIGKILL, p);

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Greg KH: "Re: Capability tests in netlink and oom_kill"
• Previous message: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• In reply to: Stephen Smalley: "Re: Capability tests in netlink and oom_kill"
• Next in thread: Greg KH: "Re: Capability tests in netlink and oom_kill"
• Reply: Greg KH: "Re: Capability tests in netlink and oom_kill"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 13:22:02 PDT