* Antony Edwards (aedwardat_private) wrote:
>
> Hi,
>
> The setgroups16 system call (in kernel/uid16.c) is not protected by the task_ops->setgroups
> hook. Unfortunately, adding this hook isn't completely straightforward. The problem is that
> the group list in setgroups16 is 16-bit, while the task_ops->setgroups hook expects 32-bit
> gids. There seem to be two reasonable solutions:
>
> (1) Add a parameter to the setgroups hook to give the list format.
>
> (2) Change the existing code to convert the array to 32-bit gids and call the
> normal setgroups function.
>
> Just wanted to get people's thoughts before I wrote a patch.

Ah, another good catch ;-) Keeping the interface simple is important; I
prefer the second option. Something like:

===== kernel/uid16.c 1.1 vs edited ===== --- 1.1/kernel/uid16.c Thu Feb 15 13:25:47 2001 +++ edited/kernel/uid16.c Sat Feb 2 19:26:31 2002 @@ -12,6 +12,7 @@ #include <linux/prctl.h> #include <linux/init.h> #include <linux/highuid.h> +#include <linux/security.h> #include <asm/uaccess.h> @@ -128,6 +129,7 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist) { old_gid_t groups[NGROUPS]; + gid_t new_groups[NGROUPS]; int i; if (!capable(CAP_SETGID)) @@ -137,7 +139,11 @@ if (copy_from_user(groups, grouplist, gidsetsize * sizeof(old_gid_t))) return -EFAULT; for (i = 0 ; i < gidsetsize ; i++) - current->groups[i] = (gid_t)groups[i]; + new_groups[i] = (gid_t)groups[i]; + i = security_ops->task_ops->setgroups(gidsetsize, new_groups); + if (i) + return i; + memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t)); current->ngroups = gidsetsize; return 0; }

thanks,
-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
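Review bot: in the declarations hunk (@@ -128,6 +129,7 @@), `gid_t new_groups[NGROUPS];` puts a second NGROUPS-sized array on the kernel stack next to `old_gid_t groups[NGROUPS];`, and nothing in the hunk says why the temporary is needed. A one-line comment stating that the widened list is staged here so that current->groups is left untouched until the setgroups hook has approved it would document the intent and justify the extra stack use.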
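Review bot: in the last hunk (@@ -137,7 +139,11 @@), the loop counter `i` is reused to hold the return value of `security_ops->task_ops->setgroups(gidsetsize, new_groups)`; a separate variable (for example `int retval`) would keep the index and the error code apart and make the `if (i) return i;` path easier to read. The ordering itself looks right from the visible lines: the hook runs on the kernel copy after copy_from_user and before anything is written to current->groups, so a denial leaves the task's groups unchanged. The added memcpy also needs a declaration, and the include context shown in the first hunk does not list linux/string.h, so confirm it is already pulled in by one of the existing headers or add it alongside linux/security.h.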
This archive was generated by hypermail 2b30 : Sat Feb 02 2002 - 19:37:27 PST