* bkat_private (bkat_private) wrote: > chris changed the 2.5 LSM source tree. > > Received the following changesets > --------------------- > ChangeSetat_private, 2002-02-19 02:09:42-08:00, chrisat_private > add binprm check_security hook. I added the check_security() hook needed by LIDS. I moved it into search_binary_handler() for symmetry. So, set_security() is called in prepare_binprm(), and accordingly check_security() is called in search_binary_handler(). This guarantees reliable access to the argv list and envp list in check_security(). It should be noted that the only real case that check_security() differs from set_security() is in do_execve (and arch specific do_execve32 analogs). thanks, -chris diff --minimal -Nru a/fs/exec.c b/fs/exec.c --- a/fs/exec.c Tue Feb 19 02:24:39 2002 +++ b/fs/exec.c Tue Feb 19 02:24:39 2002 @@ -761,6 +761,10 @@ } } #endif + retval = security_ops->bprm_ops->check_security(&bprm); + if (retval) + return retval; + /* kernel module loader fixup */ /* so we don't try to load run modprobe in kernel space. */ set_fs(USER_DS); diff --minimal -Nru a/include/linux/security.h b/include/linux/security.h --- a/include/linux/security.h Tue Feb 19 02:24:39 2002 +++ b/include/linux/security.h Tue Feb 19 02:24:39 2002 @@ -83,6 +83,16 @@ * to replace it. * @bprm contains the linux_binprm structure. * Return 0 if the hook is successful and permission is granted. + * @check_security: + * This hook mediates the point when a search for a binary handler will + * begin. It allows a check the @bprm->security value which is set in + * the preceding set_security call. The primary difference from + * set_security is that the argv list and envp list are reliably + * available in @bprm. This hook may be called multiple times + * during a single execve; and in each pass set_security is called + * first. + * @bprm contains the linux_binprm structure. + * Return 0 if the hook is successful and permission is granted. * * These are the security hooks for program execution operations. */ @@ -91,6 +101,7 @@ void (*free_security) (struct linux_binprm *bprm); void (*compute_creds) (struct linux_binprm *bprm); int (*set_security) (struct linux_binprm *bprm); + int (*check_security) (struct linux_binprm *bprm); }; /** diff --minimal -Nru a/security/capability.c b/security/capability.c --- a/security/capability.c Tue Feb 19 02:24:39 2002 +++ b/security/capability.c Tue Feb 19 02:24:39 2002 @@ -211,6 +211,11 @@ return 0; } +static int cap_binprm_check_security (struct linux_binprm *bprm) +{ + return 0; +} + static void cap_binprm_free_security (struct linux_binprm *bprm) { return; @@ -1096,6 +1101,7 @@ free_security: cap_binprm_free_security, compute_creds: cap_binprm_compute_creds, set_security: cap_binprm_set_security, + check_security: cap_binprm_check_security, }; static struct super_block_security_ops cap_sb_ops = { diff --minimal -Nru a/security/dte/dte.c b/security/dte/dte.c --- a/security/dte/dte.c Tue Feb 19 02:24:39 2002 +++ b/security/dte/dte.c Tue Feb 19 02:24:39 2002 @@ -233,6 +233,11 @@ dte_secondary_ops->bprm_ops->compute_creds(bprm); } +static int dte_binprm_check_security (struct linux_binprm *bprm) +{ + return 0; +} + static int dte_sb_statfs (struct super_block *sb) { return 0; @@ -964,6 +969,7 @@ free_security: dte_binprm_free_security, compute_creds: dte_binprm_compute_creds, set_security: dte_binprm_set_security, + check_security: dte_binprm_check_security, }; static struct super_block_security_ops dte_sb_ops = { diff --minimal -Nru a/security/dummy.c b/security/dummy.c --- a/security/dummy.c Tue Feb 19 02:24:39 2002 +++ b/security/dummy.c Tue Feb 19 02:24:39 2002 @@ -168,6 +168,11 @@ return 0; } +static int dummy_binprm_check_security (struct linux_binprm *bprm) +{ + return 0; +} + static int dummy_sb_alloc_security (struct super_block *sb) { return 0; @@ -919,6 +924,7 @@ free_security: dummy_binprm_free_security, compute_creds: dummy_binprm_compute_creds, set_security: dummy_binprm_set_security, + check_security: dummy_binprm_check_security, }; static struct super_block_security_ops dummy_sb_ops = { diff --minimal -Nru a/security/owlsm.c b/security/owlsm.c --- a/security/owlsm.c Tue Feb 19 02:24:39 2002 +++ b/security/owlsm.c Tue Feb 19 02:24:39 2002 @@ -185,6 +185,11 @@ return do_owlsm_sfd_set(bprm); } +static int owlsm_binprm_check_security (struct linux_binprm *bprm) +{ + return 0; +} + static int owlsm_sb_alloc_security (struct super_block *sb) { return 0; @@ -934,6 +939,7 @@ free_security: owlsm_binprm_free_security, compute_creds: owlsm_binprm_compute_creds, set_security: owlsm_binprm_set_security, + check_security: owlsm_binprm_check_security, }; static struct super_block_security_ops owlsm_sb_ops = { diff --minimal -Nru a/security/selinux/hooks.c b/security/selinux/hooks.c --- a/security/selinux/hooks.c Tue Feb 19 02:24:39 2002 +++ b/security/selinux/hooks.c Tue Feb 19 02:24:39 2002 @@ -1770,6 +1770,11 @@ return 0; } +static int selinux_binprm_check_security (struct linux_binprm *bprm) +{ + return 0; +} + static void selinux_bprm_free_security(struct linux_binprm *bprm) { /* Nothing to do - not dynamically allocated. */ @@ -3989,6 +3994,7 @@ free_security: selinux_bprm_free_security, compute_creds: selinux_bprm_compute_creds, set_security: selinux_bprm_set_security, + check_security: selinux_binprm_check_security, }; static struct super_block_security_ops selinux_sb_ops = { _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 02:34:50 PST