* Chris Wright (chrisat_private) wrote: > * Greg KH (gregat_private) wrote: > > > > Ok, that's reasonable to me, have a patch? :) > > Heh, not right now...I can spin up some examples later today. Do you > have an audit list of the unused hooks? The two together would be useful. A couple of trivial examples below. For things like iopl/ioperm where capable() is only called when you are increasing your privilege level or enabling perm bits on ioports I expect we'd preserve that behaviour. That would mean the LSM hook would not be consulted on all checks, just those deemed security sensitive. The alternative is to hide those details in the capability module, which seems wrong to me. -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net diff -Nru a/kernel/acct.c b/kernel/acct.c --- a/kernel/acct.c Tue Oct 1 00:07:37 2002 +++ b/kernel/acct.c Tue Oct 1 00:07:37 2002 @@ -197,9 +197,6 @@ char *tmp; int error; - if (!capable(CAP_SYS_PACCT)) - return -EPERM; - if (name) { tmp = getname(name); if (IS_ERR(tmp)) { @@ -223,8 +220,11 @@ } error = security_ops->acct(file); - if (error) + if (error) { + if (file) + filp_close(file, NULL); return error; + } spin_lock(&acct_globals.lock); acct_file_reopen(file); diff -Nru a/kernel/sys.c b/kernel/sys.c --- a/kernel/sys.c Tue Oct 1 00:07:37 2002 +++ b/kernel/sys.c Tue Oct 1 00:07:37 2002 @@ -352,9 +352,6 @@ int retval; /* We only trust the superuser with rebooting the system. */ - if (!capable(CAP_SYS_BOOT)) - return -EPERM; - retval = security_ops->reboot(cmd); if (retval) { return retval; diff -Nru a/security/capability.c b/security/capability.c --- a/security/capability.c Tue Oct 1 00:07:37 2002 +++ b/security/capability.c Tue Oct 1 00:07:37 2002 
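Review bot: An unprivileged caller now runs `getname(name)` and everything up to `security_ops->acct(file)` in the @@ -223 hunk before any privilege decision is made, because the `capable(CAP_SYS_PACCT)` test at the top of this function in kernel/acct.c is removed. The `filp_close(file, NULL)` added on the hook's error path implies the file is already open at that point, so a caller who will be denied can still cause path lookup and open side effects, and may be able to tell paths apart by the error returned. The check also becomes only as strong as the registered module: this patch updates security/capability.c alone, so any other `security_ops` whose `acct` hook returns 0 leaves the call unrestricted, and the same applies to the `reboot` hook in the kernel/sys.c hunk. I would keep an early deny before the name is touched until every hook implementation is confirmed, or at minimum add `/* acct hook is the only privilege check; file is already open here */` above the hook call. The function starts and ends outside both hunks.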
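Review bot: The comment `/* We only trust the superuser with rebooting the system. */` in the kernel/sys.c hunk is left directly above `retval = security_ops->reboot(cmd);`, but once the `capable(CAP_SYS_BOOT)` test is gone it no longer describes what this code guarantees. A reader auditing the syscall would take the comment as proof of a local check that is now delegated to the module. I would reword it to `/* CAP_SYS_BOOT is enforced by the reboot hook; a hook that returns 0 admits any caller. */`. The enclosing function begins and ends outside the hunk.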
@@ -22,6 +22,15 @@ /* flag to keep track of how we were registered */ static int secondary; +static int cap_capable (struct task_struct *tsk, int cap) +{ + /* Derived from include/linux/sched.h:capable. */ + if (cap_raised (tsk->cap_effective, cap)) + return 0; + else + return -EPERM; +} + static int cap_sethostname (char *hostname) { return 0; @@ -34,7 +43,7 @@ static int cap_reboot (unsigned int cmd) { - return 0; + return cap_capable(current, CAP_SYS_BOOT); } static int cap_ioperm (unsigned long from, unsigned long num, int turn_on) @@ -47,15 +56,6 @@ return 0; } -static int cap_capable (struct task_struct *tsk, int cap) -{ - /* Derived from include/linux/sched.h:capable. */ - if (cap_raised (tsk->cap_effective, cap)) - return 0; - else - return -EPERM; -} - static int cap_sys_security (unsigned int id, unsigned int call, unsigned long *args) { @@ -165,7 +165,7 @@ static int cap_acct (struct file *file) { - return 0; + return cap_capable(current, CAP_SYS_PACCT); } static int cap_sysctl (ctl_table * table, int op) _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
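Review bot: `cap_reboot` (@@ -34,7) and `cap_acct` (@@ -165,7) call `cap_capable(current, ...)` directly, so they perform only the `cap_raised(tsk->cap_effective, cap)` test and none of whatever else the `capable()` wrapper did at the removed call sites. If that wrapper still marks the task as having used privilege (PF_SUPERPRIV, which process accounting reports), which is not visible in this diff, that record is lost for acct and reboot; worth confirming and either setting the flag in the hook or documenting the difference. Both hooks also ignore their arguments, which deserves a line each, such as `/* CAP_SYS_BOOT is required for every cmd value */` and `/* CAP_SYS_PACCT is required to enable or disable accounting; file may be NULL */`.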