Re: [RFC] No more module_* hooks

From: Chris Wright (chrisat_private)
Date: Tue Oct 01 2002 - 00:08:50 PDT

  • Next message: Crispin Cowan: "Re: [RFC] No more module_* hooks"

    * Chris Wright (chrisat_private) wrote:
    > * Greg KH (gregat_private) wrote:
    > > 
    > > Ok, that's reasonable to me, have a patch?  :)
    > 
    > Heh, not right now...I can spin up some examples later today.  Do you
    > have an audit list of the unused hooks?  The two together would be useful.
    
    A couple of trivial examples below.  For things like iopl/ioperm where
    capable() is only called when you are increasing your privilege level or
    enabling perm bits on ioports I expect we'd preserve that behaviour.
    That would mean the LSM hook would not be consulted on all checks, just
    those deemed security sensitive.  The alternative is to hide those
    details in the capability module, which seems wrong to me.
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    
    diff -Nru a/kernel/acct.c b/kernel/acct.c
    --- a/kernel/acct.c	Tue Oct  1 00:07:37 2002
    +++ b/kernel/acct.c	Tue Oct  1 00:07:37 2002
    @@ -197,9 +197,6 @@
     	char *tmp;
     	int error;
     
    -	if (!capable(CAP_SYS_PACCT))
    -		return -EPERM;
    -
     	if (name) {
     		tmp = getname(name);
     		if (IS_ERR(tmp)) {
    @@ -223,8 +220,11 @@
     	}
     
     	error = security_ops->acct(file);
    -	if (error)
    +	if (error) {
    +		if (file)
    +			filp_close(file, NULL);
     		return error;
    +	}
     
     	spin_lock(&acct_globals.lock);
     	acct_file_reopen(file);
    diff -Nru a/kernel/sys.c b/kernel/sys.c
    --- a/kernel/sys.c	Tue Oct  1 00:07:37 2002
    +++ b/kernel/sys.c	Tue Oct  1 00:07:37 2002
    @@ -352,9 +352,6 @@
     	int retval;
     
     	/* We only trust the superuser with rebooting the system. */
    -	if (!capable(CAP_SYS_BOOT))
    -		return -EPERM;
    -
     	retval = security_ops->reboot(cmd);
     	if (retval) {
     		return retval;
    diff -Nru a/security/capability.c b/security/capability.c
    --- a/security/capability.c	Tue Oct  1 00:07:37 2002
    +++ b/security/capability.c	Tue Oct  1 00:07:37 2002
    @@ -22,6 +22,15 @@
     /* flag to keep track of how we were registered */
     static int secondary;
     
    +static int cap_capable (struct task_struct *tsk, int cap)
    +{
    +	/* Derived from include/linux/sched.h:capable. */
    +	if (cap_raised (tsk->cap_effective, cap))
    +		return 0;
    +	else
    +		return -EPERM;
    +}
    +
     static int cap_sethostname (char *hostname)
     {
     	return 0;
    @@ -34,7 +43,7 @@
     
     static int cap_reboot (unsigned int cmd)
     {
    -	return 0;
    +	return cap_capable(current, CAP_SYS_BOOT);
     }
     
     static int cap_ioperm (unsigned long from, unsigned long num, int turn_on)
    @@ -47,15 +56,6 @@
     	return 0;
     }
     
    -static int cap_capable (struct task_struct *tsk, int cap)
    -{
    -	/* Derived from include/linux/sched.h:capable. */
    -	if (cap_raised (tsk->cap_effective, cap))
    -		return 0;
    -	else
    -		return -EPERM;
    -}
    -
     static int cap_sys_security (unsigned int id, unsigned int call,
     			     unsigned long *args)
     {
    @@ -165,7 +165,7 @@
     
     static int cap_acct (struct file *file)
     {
    -	return 0;
    +	return cap_capable(current, CAP_SYS_PACCT);
     }
     
     static int cap_sysctl (ctl_table * table, int op)
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Oct 01 2002 - 00:17:18 PDT