* Chris Wright (chrisw@private) wrote: > OK, let's do that then. sigio_perm() is small and localized, shouldn't > be an issue to change it and it's callers. Any reason I shouldn't push this up? I've tested it here. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net Stephen Smalley notes that send_sigurg isn't mediated by LSM in the same manner as send_sigio. Patch below is a slight modification of Stephen's original patch. It moves the security_file_send_sigiotask() hook into the sigio_perm(). The hook's fd and reason arguments are replaced with the signum. sigio_perm() and it's callers are updated to pass the signum through to the hook. In send_sigio case, the signum is simply fown->signum or SIGIO when signum is 0, however in send_sigurg the kernel doesn't use fown->signum, it always sends SIGURG. From: Stephen Smalley <sds@private> Signed-off-by: Chris Wright <chrisw@private>
===== fs/fcntl.c 1.39 vs edited =====
--- 1.39/fs/fcntl.c 2004-08-09 12:00:39 -07:00
+++ edited/fs/fcntl.c 2004-08-31 13:39:55 -07:00
@@ -432,11 +432,12 @@
 };
 static inline int sigio_perm(struct task_struct *p,
- struct fown_struct *fown)
+ struct fown_struct *fown, int sig)
 {
- return ((fown->euid == 0) ||
- (fown->euid == p->suid) || (fown->euid == p->uid) ||
- (fown->uid == p->suid) || (fown->uid == p->uid));
+ return (((fown->euid == 0) ||
+ (fown->euid == p->suid) || (fown->euid == p->uid) ||
+ (fown->uid == p->suid) || (fown->uid == p->uid)) &&
+ !security_file_send_sigiotask(p, fown, sig));
 }
 static void send_sigio_to_task(struct task_struct *p,
@@ -444,10 +445,7 @@
 int fd, int reason)
 {
- if (!sigio_perm(p, fown))
- return;
-
- if (security_file_send_sigiotask(p, fown, fd, reason))
+ if (!sigio_perm(p, fown, fown->signum))
 return;
 switch (fown->signum) {
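Review bot: `sigio_perm(p, fown, fown->signum)` hands the LSM hook the raw signum, so every module has to reproduce the "0 means SIGIO" rule that the new @sig documentation spells out, even though the commit message itself describes the value as "fown->signum or SIGIO when signum is 0". Normalizing once at the call site, `if (!sigio_perm(p, fown, fown->signum ? fown->signum : SIGIO))`, keeps that convention in one place, makes `sig` always the signal actually delivered on both the SIGIO and SIGURG paths, and would let the hook documentation and the SELinux `if (!signum)` special case go away. send_sigio_to_task's signature begins in the previous hunk and its body continues past this one.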
@@ -511,7 +509,7 @@
 static void send_sigurg_to_task(struct task_struct *p,
 struct fown_struct *fown)
 {
- if (sigio_perm(p, fown))
+ if (sigio_perm(p, fown, SIGURG))
 send_group_sig_info(SIGURG, SEND_SIG_PRIV, p);
 }
===== include/linux/security.h 1.38 vs edited =====
--- 1.38/include/linux/security.h 2004-06-18 11:43:31 -07:00
+++ edited/include/linux/security.h 2004-08-31 18:13:46 -07:00
@@ -485,16 +485,15 @@
 * @file contains the file structure to update.
 * Return 0 on success.
 * @file_send_sigiotask:
- * Check permission for the file owner @fown to send SIGIO to the process
- * @tsk. Note that this hook is always called from interrupt. Note that
- * the fown_struct, @fown, is never outside the context of a struct file,
- * so the file structure (and associated security information) can always
- * be obtained:
+ * Check permission for the file owner @fown to send SIGIO or SIGURG to the
+ * process @tsk. Note that this hook is sometimes called from interrupt.
+ * Note that the fown_struct, @fown, is never outside the context of a
+ * struct file, so the file structure (and associated security information)
+ * can always be obtained:
 * (struct file *)((long)fown - offsetof(struct file,f_owner));
 * @tsk contains the structure of task receiving signal.
 * @fown contains the file owner information.
- * @fd contains the file descriptor.
- * @reason contains the operational flags.
+ * @sig is the signal that will be sent. When 0, kernel sends SIGIO.
 * Return 0 if permission is granted.
 * @file_receive:
 * This hook allows security modules to control the ability of a process
@@ -1125,8 +1124,7 @@
 unsigned long arg);
 int (*file_set_fowner) (struct file * file);
 int (*file_send_sigiotask) (struct task_struct * tsk,
- struct fown_struct * fown,
- int fd, int reason);
+ struct fown_struct * fown, int sig);
 int (*file_receive) (struct file * file);
 int (*task_create) (unsigned long clone_flags);
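Review bot: The rewritten hook text weakens "always called from interrupt" to "sometimes called from interrupt" without stating the consequence an LSM author actually needs, namely that the implementation must stay safe in interrupt context no matter which caller reaches it. I would make that explicit in the two replaced lines, e.g. `* process @tsk. Note that this hook may be called from interrupt context` followed by `* and so must not sleep.` The @sig line could likewise name where the zero comes from, e.g. `* @sig is the signal that will be sent; 0 means the default SIGIO (send_sigio path).`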
@@ -1641,9 +1639,9 @@
 static inline int security_file_send_sigiotask (struct task_struct *tsk,
 struct fown_struct *fown,
- int fd, int reason)
+ int sig)
 {
- return security_ops->file_send_sigiotask (tsk, fown, fd, reason);
+ return security_ops->file_send_sigiotask (tsk, fown, sig);
 }
 static inline int security_file_receive (struct file *file)
@@ -2278,7 +2276,7 @@
 static inline int security_file_send_sigiotask (struct task_struct *tsk,
 struct fown_struct *fown,
- int fd, int reason)
+ int sig)
 {
 return 0;
 }
===== security/dummy.c 1.43 vs edited =====
--- 1.43/security/dummy.c 2004-06-18 11:43:31 -07:00
+++ edited/security/dummy.c 2004-08-31 13:47:19 -07:00
@@ -511,8 +511,7 @@
 }
 static int dummy_file_send_sigiotask (struct task_struct *tsk,
- struct fown_struct *fown, int fd,
- int reason)
+ struct fown_struct *fown, int sig)
 {
 return 0;
 }
===== security/selinux/hooks.c 1.60 vs edited =====
--- 1.60/security/selinux/hooks.c 2004-08-24 12:43:46 -07:00
+++ edited/security/selinux/hooks.c 2004-08-31 13:51:55 -07:00
@@ -2565,8 +2565,7 @@
 }
 static int selinux_file_send_sigiotask(struct task_struct *tsk,
- struct fown_struct *fown,
- int fd, int reason)
+ struct fown_struct *fown, int signum)
 {
 struct file *file;
 u32 perm;
@@ -2579,10 +2578,10 @@
 tsec = tsk->security;
 fsec = file->f_security;
- if (!fown->signum)
+ if (!signum)
 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
 else
- perm = signal_to_av(fown->signum);
+ perm = signal_to_av(signum);
 return avc_has_perm(fsec->fown_sid, tsec->sid, SECCLASS_PROCESS, perm, NULL, NULL);
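Review bot: The SELinux implementation names the new parameter `signum` while the hook prototype, both inline wrappers and the dummy module all call it `sig`; matching the prototype with `struct fown_struct *fown, int sig)`, `if (!sig)` and `perm = signal_to_av(sig);` keeps the implementation, the header and its documentation in step. With this patch SIGURG reaches `signal_to_av()` through this hook for the first time, so it is worth confirming that the mapping handles that signal the way the policy expects; its definition is not visible here. Part of selinux_file_send_sigiotask's body lies between the two hunks shown.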