Re: [PATCH] Process Attribute API for Security Modules 2.5.69

From: Stephen Smalley (sdsat_private)
Date: Fri May 16 2003 - 13:08:26 PDT

  • Next message: Especialização...: "É na Unyahna!"

    This patch, relative to the /proc/pid/attr patch against 2.5.69, fixes
    the mode values of the /proc/pid/attr nodes to avoid interference by the
    normal Linux access checks for these nodes (and also fixes the
    /proc/pid/attr/prev mode to reflect its read-only nature).  Otherwise,
    when the dumpable flag is cleared by a set[ug]id or unreadable
    executable, a process will lose the ability to set its own attributes
    via writes to /proc/pid/attr due to a DAC failure (/proc/pid inodes are
    assigned the root uid/gid if the task is not dumpable, and the original
    mode only permitted the owner to write).  The security module should
    implement appropriate permission checking in its [gs]etprocattr hook
    functions.  In the case of SELinux, the setprocattr hook function only
    allows a process to write to its own /proc/pid/attr nodes as well as
    imposing other policy-based restrictions, and the getprocattr hook
    function performs a permission check between the security labels of the
    current process and target process to determine whether the operation is
    permitted.
    
     base.c |    8 ++++----
     1 files changed, 4 insertions(+), 4 deletions(-)
    
    Index: linux-2.5/fs/proc/base.c
    ===================================================================
    RCS file: /home/pal/CVS/linux-2.5/fs/proc/base.c,v
    retrieving revision 1.11
    retrieving revision 1.12
    diff -u -r1.11 -r1.12
    --- linux-2.5/fs/proc/base.c	14 May 2003 12:05:37 -0000	1.11
    +++ linux-2.5/fs/proc/base.c	16 May 2003 18:34:39 -0000	1.12
    @@ -99,10 +99,10 @@
     };
     #ifdef CONFIG_SECURITY
     static struct pid_entry attr_stuff[] = {
    -  E(PROC_PID_ATTR_CURRENT,	"current",	S_IFREG|S_IRUGO|S_IWUSR),
    -  E(PROC_PID_ATTR_PREV,	"prev",	S_IFREG|S_IRUGO|S_IWUSR),
    -  E(PROC_PID_ATTR_EXEC,	"exec",	S_IFREG|S_IRUGO|S_IWUSR),
    -  E(PROC_PID_ATTR_FSCREATE,	"fscreate",	S_IFREG|S_IRUGO|S_IWUSR),
    +  E(PROC_PID_ATTR_CURRENT,	"current",	S_IFREG|S_IRUGO|S_IWUGO),
    +  E(PROC_PID_ATTR_PREV,	"prev",	S_IFREG|S_IRUGO),
    +  E(PROC_PID_ATTR_EXEC,	"exec",	S_IFREG|S_IRUGO|S_IWUGO),
    +  E(PROC_PID_ATTR_FSCREATE,	"fscreate",	S_IFREG|S_IRUGO|S_IWUGO),
       {0,0,NULL,0}
     };
     #endif
    
    
     
    -- 
    Stephen Smalley <sdsat_private>
    National Security Agency
    
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomoat_private
    More majordomo info at  http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at  http://www.tux.org/lkml/
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri May 16 2003 - 13:20:55 PDT