Re: [Linux-security-module-commit] lsm 2.5 tree change 1.366

From: Chris Wright (chrisat_private)
Date: Tue Feb 19 2002 - 02:31:31 PST

  • Next message: Chris Wright: "Re: LIDS 2.0pre2 for linux-lsm-2.5.4 is here."

    * bkat_private (bkat_private) wrote:
    > chris changed the 2.5 LSM source tree.
    > 
    > Received the following changesets
    > ---------------------
    >     ChangeSetat_private, 2002-02-19 02:09:42-08:00, chrisat_private
    >       add binprm check_security hook.
    
    I added the check_security() hook needed by LIDS.  I moved it
    into search_binary_handler() for symmetry.  So, set_security() is called
    in prepare_binprm(), and accordingly check_security() is called in
    search_binary_handler().  This guarantees reliable access to the argv
    list and envp list in check_security().  It should be noted that the only
    real case that check_security() differs from set_security() is in do_execve
    (and arch specific do_execve32 analogs).
    
    thanks,
    -chris
    
    diff --minimal -Nru a/fs/exec.c b/fs/exec.c
    --- a/fs/exec.c	Tue Feb 19 02:24:39 2002
    +++ b/fs/exec.c	Tue Feb 19 02:24:39 2002
    @@ -761,6 +761,10 @@
     	    }
     	}
     #endif
    +	retval = security_ops->bprm_ops->check_security(&bprm);
    +	if (retval) 
    +		return retval;
    +
     	/* kernel module loader fixup */
     	/* so we don't try to load run modprobe in kernel space. */
     	set_fs(USER_DS);
    diff --minimal -Nru a/include/linux/security.h b/include/linux/security.h
    --- a/include/linux/security.h	Tue Feb 19 02:24:39 2002
    +++ b/include/linux/security.h	Tue Feb 19 02:24:39 2002
    @@ -83,6 +83,16 @@
      *	to replace it.
      *	@bprm contains the linux_binprm structure.
      *	Return 0 if the hook is successful and permission is granted.
    + * @check_security:
    + * 	This hook mediates the point when a search for a binary handler	will
    + * 	begin.  It allows a check the @bprm->security value which is set in
    + * 	the preceding set_security call.  The primary difference from
    + * 	set_security is that the argv list and envp list are reliably
    + * 	available in @bprm.  This hook may be called multiple times
    + * 	during a single execve; and in each pass set_security is called
    + * 	first.
    + * 	@bprm contains the linux_binprm structure.
    + *	Return 0 if the hook is successful and permission is granted.
      *
      * These are the security hooks for program execution operations.
      */
    @@ -91,6 +101,7 @@
     	void (*free_security) (struct linux_binprm *bprm);
     	void (*compute_creds) (struct linux_binprm *bprm);
     	int (*set_security) (struct linux_binprm *bprm);
    +	int (*check_security) (struct linux_binprm *bprm);
     };
     
     /**
    diff --minimal -Nru a/security/capability.c b/security/capability.c
    --- a/security/capability.c	Tue Feb 19 02:24:39 2002
    +++ b/security/capability.c	Tue Feb 19 02:24:39 2002
    @@ -211,6 +211,11 @@
     	return 0;
     }
     
    +static int cap_binprm_check_security (struct linux_binprm *bprm)
    +{
    +	return 0;
    +}
    +
     static void cap_binprm_free_security (struct linux_binprm *bprm)
     {
     	return;
    @@ -1096,6 +1101,7 @@
     	free_security:	cap_binprm_free_security,
     	compute_creds:	cap_binprm_compute_creds,
     	set_security:	cap_binprm_set_security,
    +	check_security:	cap_binprm_check_security,
     };
     
     static struct super_block_security_ops cap_sb_ops = {
    diff --minimal -Nru a/security/dte/dte.c b/security/dte/dte.c
    --- a/security/dte/dte.c	Tue Feb 19 02:24:39 2002
    +++ b/security/dte/dte.c	Tue Feb 19 02:24:39 2002
    @@ -233,6 +233,11 @@
     		dte_secondary_ops->bprm_ops->compute_creds(bprm);
     }
     
    +static int dte_binprm_check_security (struct linux_binprm *bprm)
    +{
    +	return 0;
    +}
    +
     static int dte_sb_statfs (struct super_block *sb)
     {
     	return 0;
    @@ -964,6 +969,7 @@
     	free_security:	dte_binprm_free_security,
     	compute_creds:	dte_binprm_compute_creds,
     	set_security:	dte_binprm_set_security,
    +	check_security:	dte_binprm_check_security,
     };
     
     static struct super_block_security_ops dte_sb_ops = {
    diff --minimal -Nru a/security/dummy.c b/security/dummy.c
    --- a/security/dummy.c	Tue Feb 19 02:24:39 2002
    +++ b/security/dummy.c	Tue Feb 19 02:24:39 2002
    @@ -168,6 +168,11 @@
     	return 0;
     }
     
    +static int dummy_binprm_check_security (struct linux_binprm *bprm)
    +{
    +	return 0;
    +}
    +
     static int dummy_sb_alloc_security (struct super_block *sb)
     {
     	return 0;
    @@ -919,6 +924,7 @@
     	free_security:	dummy_binprm_free_security,
     	compute_creds:	dummy_binprm_compute_creds,
     	set_security:	dummy_binprm_set_security,
    +	check_security:	dummy_binprm_check_security,
     };
     
     static struct super_block_security_ops dummy_sb_ops = {
    diff --minimal -Nru a/security/owlsm.c b/security/owlsm.c
    --- a/security/owlsm.c	Tue Feb 19 02:24:39 2002
    +++ b/security/owlsm.c	Tue Feb 19 02:24:39 2002
    @@ -185,6 +185,11 @@
     	return do_owlsm_sfd_set(bprm);
     }
     
    +static int owlsm_binprm_check_security (struct linux_binprm *bprm)
    +{
    +	return 0;
    +}
    +
     static int owlsm_sb_alloc_security (struct super_block *sb)
     {
     	return 0;
    @@ -934,6 +939,7 @@
     	free_security:	owlsm_binprm_free_security,
     	compute_creds:	owlsm_binprm_compute_creds,
     	set_security:	owlsm_binprm_set_security,
    +	check_security:	owlsm_binprm_check_security,
     };
     
     static struct super_block_security_ops owlsm_sb_ops = {
    diff --minimal -Nru a/security/selinux/hooks.c b/security/selinux/hooks.c
    --- a/security/selinux/hooks.c	Tue Feb 19 02:24:39 2002
    +++ b/security/selinux/hooks.c	Tue Feb 19 02:24:39 2002
    @@ -1770,6 +1770,11 @@
     	return 0;
     }
     
    +static int selinux_binprm_check_security (struct linux_binprm *bprm)
    +{
    +	return 0;
    +}
    +
     static void selinux_bprm_free_security(struct linux_binprm *bprm)
     {
     	/* Nothing to do - not dynamically allocated. */
    @@ -3989,6 +3994,7 @@
     	free_security:	selinux_bprm_free_security,
     	compute_creds:	selinux_bprm_compute_creds,
     	set_security:	selinux_bprm_set_security,
    +	check_security:	selinux_binprm_check_security,
     };
     
     static struct super_block_security_ops selinux_sb_ops = {
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 02:34:50 PST