diff -Naur linux-2.6.8orig/security/Kconfig linux-2.6.8/security/Kconfig
--- linux-2.6.8orig/security/Kconfig 2004-10-08 12:45:12.000000000 -0700
+++ linux-2.6.8/security/Kconfig 2004-10-08 12:51:53.022458904 -0700
@@ -44,20 +44,6 @@
 If you are unsure how to answer this question, answer N.
-config SECURITY_TPE
- tristate "Trusted Path Execution (EXPERIMENTAL)"
- depends SECURITY && EXPERIMENTAL
- help
- The TPE module enforces a check on the running of executables.
- It will not allow execution if the program is located in a
- "trusted path" and the current user is "untrusted". A trusted
- path is one which is root owned an neither group nor other
- writeable. A user is considered trusted if their uid is added
- to a trusted list in memory. Root is trusted, by default.
- Contact Niki A. Rahimi <narahimi@private> for more info.
-
- If you're unsure, answer N.
-
-
 source security/selinux/Kconfig
 endmenu
diff -Naur linux-2.6.8orig/security/Makefile linux-2.6.8/security/Makefile
--- linux-2.6.8orig/security/Makefile 2004-10-08 12:46:03.000000000 -0700
+++ linux-2.6.8/security/Makefile 2004-08-13 22:37:26.000000000 -0700
@@ -14,5 +14,4 @@
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
 obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o
-obj-$(CONFIG_SECURITY_TPE) += tpe.o
 obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o
diff -Naur linux-2.6.8orig/security/tpe.c linux-2.6.8/security/tpe.c
--- linux-2.6.8orig/security/tpe.c 2004-10-08 12:49:15.000000000 -0700
+++ linux-2.6.8/security/tpe.c 1969-12-31 16:00:00.000000000 -0800
@@ -1,375 +0,0 @@
-/*
- * Trusted Path Execution Security Module
- *
- * This module is an attempt to bring Trusted Path Execution (TPE) to the
- * Linux kernel. TPE originated as a kernel patch to OpenBSD 2.4 by
- * route|daemon9 and Mike Schifman (see Phrack 54). We have modified the
- * original project to fit within the constraints of the LSM framework
- * and so it should be noted that this is not the same project. Also,
- * the module makes use of a pseudo filesystem approach created by
- * Greg Kroah-Hartman for his work on pcihotplug.
- *
- * Also, thanks and credit to Serge Hallyn for his help on getting the bugs
- * out of this module.
- *
- * Copyright (C) 1998 route|daemon9 and Mike D. Schiffman
- * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@private>
- * Copyright (C) 2003 IBM Corp. <narahimi@private>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * Alternatively, this program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.*
- */
-
-#include <linux/config.h>
-#include <linux/module.h>
-#include <linux/slab.h>
-#include <linux/smp_lock.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/security.h>
-#include <linux/skbuff.h>
-#include <linux/netlink.h>
-#include <linux/types.h>
-#include <linux/fs.h>
-#include <asm/uaccess.h>
-#include <linux/pagemap.h>
-#include <linux/namei.h>
-#include <linux/vfs.h>
-#include <linux/mount.h>
-#include <linux/string.h>
-#include <linux/sysfs.h>
-
-#include "tpe.h"
-
-static int secondary;
-static spinlock_t tpe_acl_lock = SPIN_LOCK_UNLOCKED;
-
-/* Insertion sort the list. */
-static void tpe_sort (int low, int high) /* (list low element, list high element) */
-{
- int i,j,n;
- /* Standard insertion sort. */
- for (i = low + 1; i <= high; i++) {
- if (tpe_acl[i] < tpe_acl[low]) {
- tpe_acl[low] ^= tpe_acl[i];
- tpe_acl[i] ^= tpe_acl[low];
- tpe_acl[low] ^= tpe_acl[i];
- }
- }
-
- for (i = low + 2; i <= high; i++) {
- j = i;
- n = tpe_acl[i];
- while (n < tpe_acl[j - 1]) {
- tpe_acl[j] = tpe_acl[j - 1];
- j--;
- }
- tpe_acl[j] = n;
- }
-}
-
-/* Attempt to add a candidate to the list. */
-static int tpe_add (uid_t add_candidate)
-{
- int retval = -EINVAL;
-
- /* Full list. */
- if (tpe_acl_candidates == (TPE_ACL_SIZE - 2)) {
- printk(KERN_INFO "Unable to add user %d. List is full.\n",
- add_candidate);
- goto out;
- }
-
- if (add_candidate == 0) {
- printk(KERN_INFO "tpe: Invalid userid. Cannot add.\n");
- goto out;
- }
-
- /* Don't add duplicates */
- if ((tpe_search(add_candidate)) == NACK) {
- /* Add to the end of the list, then sort. */
- tpe_acl_candidates++;
- tpe_acl[tpe_acl_candidates] = add_candidate;
- tpe_acl[tpe_acl_candidates + 1] = '\0'; /* terminate array */
- tpe_sort(0, tpe_acl_candidates);
- printk(KERN_INFO "tpe: UID %d added to trust list\n",
- add_candidate);
- } else {
- printk(KERN_INFO "tpe: duplicate UID %d not added\n",
- add_candidate);
- goto out;
- }
- retval = 0;
-out:
- return retval;
-}
-
-/* Attempt to remove a candidate from the list. Only fails if the entry is */
-/* not there. */
-static int tpe_remove (uid_t rem_candidate)
-{
- int n;
- int retval = -EINVAL;
- if (tpe_acl_candidates == 0) {
- /* Empty list */
- goto out;
- }
- if (rem_candidate == 0) {
- printk(KERN_INFO "tpe: Invalid userid. Cannot remove.\n");
- goto out;
- }
-
- n = tpe_search(rem_candidate);
- if (n != NACK) {
- /* Remove candidate (mark slot as unused), resort the list. */
- tpe_acl[n] = TPE_INITIALIZER;
- tpe_acl_candidates--;
- tpe_sort(0, tpe_acl_candidates);
- printk(KERN_INFO "tpe: UID %d removed from trust list\n",
- rem_candidate);
- retval = 0;
- goto out;
- }
- /* Not found. */
- printk(KERN_INFO "tpe: UID %d not found in trust list\n",
- rem_candidate);
-out:
- return retval;
-}
-
-/* Beginning of a sysfs subsystem for tpe */
-static struct subsystem tpefs_subsys;
-
-struct tpe_list {
- char *name;
-
- struct list_head slot_list;
- struct kobject kobj;
-};
-
-struct tpefs_attribute {
- struct attribute attr;
- ssize_t (*show)(struct tpe_list *, char *);
- ssize_t (*store)(struct tpe_list *, const char *, size_t);
-};
-
-static ssize_t tpefs_attr_show(struct kobject *kobj, struct attribute *attr,
-char *buf)
-{
- struct tpe_list *list = container_of(kobj, struct tpe_list, kobj);
- struct tpefs_attribute *attribute = container_of(attr, struct
- tpefs_attribute, attr);
- return attribute->show ? attribute->show(list, buf) : 0;
-}
-
-static ssize_t tpefs_attr_store(struct kobject *kobj, struct attribute *attr,
-const char *buf, size_t len)
-{
- struct tpe_list *list = container_of(kobj, struct tpe_list, kobj);
- struct tpefs_attribute *attribute = container_of(attr, struct
- tpefs_attribute, attr);
- return attribute->store ? attribute->store(list, buf, len) : 0;
-}
-
-static struct sysfs_ops tpefs_sysfs_ops = {
- .show = tpefs_attr_show,
- .store = tpefs_attr_store,
-};
-
-static struct kobj_type tpefs_ktype = {
- .sysfs_ops = &tpefs_sysfs_ops
-};
-
-static decl_subsys(tpefs, &tpefs_ktype, NULL);
-
-static ssize_t trustedlistadd_read_file (struct tpe_list *list, char *buf)
-{
- int i;
- int retval = 0;
- char *user = NULL;
- char buffer[400];
-
- user = (char *)__get_free_page(GFP_KERNEL);
- if (!user)
- return -ENOMEM;
-
- if (tpe_acl == NULL) {
- printk(KERN_INFO "empty acl list\n");
- return -ENODATA;
- }
-
- buffer[0] = '\0';
- printk(KERN_INFO "%d trusted user(s): \n", tpe_acl_candidates);
- spin_lock(&tpe_acl_lock);
- for (i=0; i < tpe_acl_candidates; i++) {
- printk(KERN_INFO "%d ", tpe_acl[i]);
- retval = sprintf(user, "%d\n", tpe_acl[i]);
- strcat(buffer, user);
- }
- printk(KERN_INFO "\n");
- spin_unlock(&tpe_acl_lock);
-
- retval = snprintf(buf, 4096, "%s\n", buffer);
-
- free_page((unsigned long)user);
- return retval;
-}
-
-static ssize_t trustedlistadd_write_file (struct tpe_list *list, const char *buf,
-size_t count)
-{
- int retval;
- unsigned long add_candidate;
-
- add_candidate = simple_strtoul(buf, NULL, 10);
-
- printk(KERN_INFO "value of add_candidate is %d.\n", (int)add_candidate);
- spin_lock(&tpe_acl_lock);
- retval = tpe_add(add_candidate);
- spin_unlock(&tpe_acl_lock);
- if (retval) {
- return retval;
- }
- return count;
-
-}
-
-struct tpefs_attribute tpefs_listadd_attr = {
- .attr = {.name = "add", .mode = S_IFREG | S_IRUGO | S_IWUSR},
- .show = trustedlistadd_read_file,
- .store = trustedlistadd_write_file
-};
-
-static ssize_t trustedlistdel_write_file (struct tpe_list *list, const char *buf,
-size_t count)
-{
- int retval;
- unsigned long rem_candidate;
-
- rem_candidate = simple_strtoul(buf, NULL, 10);
-
- printk(KERN_INFO "value of rem_candidate is %d.\n", (int)rem_candidate);
- spin_lock(&tpe_acl_lock);
- retval = tpe_remove(rem_candidate);
- spin_unlock(&tpe_acl_lock);
- if (retval) {
- return retval;
- }
- return count;
-
-}
-
-struct tpefs_attribute tpefs_listdel_attr = {
- .attr = {.name = "del", .mode = S_IFREG | S_IRUGO | S_IWUSR},
- .store = trustedlistdel_write_file
-};
-
-/* Module code */
-
-static int tpe_bprm_set_security (struct linux_binprm *bprm)
-{
- uid_t pthuid = bprm->file->f_dentry->d_parent->d_inode->i_uid;
- mode_t pthmode = bprm->file->f_dentry->d_parent->d_inode->i_mode;
- if((!TRUSTED_PATH(pthmode, pthuid)) && (!TRUSTED_USER(current->euid))) {
- printk (KERN_INFO "An attempt to run an executable "
- "by an untrusted user was made in an untrusted "
- "path. Access denied.\n");
- return -EACCES;
- }
- return 0;
-}
-
-struct security_operations tpe_security_ops = {
- bprm_set_security: tpe_bprm_set_security,
-};
-
-#if defined(CONFIG_SECURITY_TPE_MODULE)
-#define MY_NAME THIS_MODULE->name
-#else
-#define MY_NAME "tpe"
-#endif
-
-static int __init tpe_module_init (void)
-{
- int retval;
- /* register ourselves with the security framework */
- if (register_security (&tpe_security_ops)) {
- printk (KERN_INFO
- "Failure registering tpe module with the kernel\n");
- /* try registering with primary module */
- if (mod_reg_security (MY_NAME, &tpe_security_ops)) {
- printk (KERN_INFO "Failure registering tpe module "
- "with primary security module.\n");
- return -EINVAL;
- }
- secondary = 1;
- }
-
- /* register tpe subsystem */
- printk(KERN_INFO "registering tpe subsystem.\n");
- retval = subsystem_register(&tpefs_subsys);
- if (retval) {
- printk(KERN_INFO "subsystem_register failed with %d\n", retval);
- return retval;
- }
-
- sysfs_create_file(&tpefs_subsys.kset.kobj, &tpefs_listadd_attr.attr);
- sysfs_create_file(&tpefs_subsys.kset.kobj, &tpefs_listdel_attr.attr);
-
- printk(KERN_INFO "tpe LSM initialized\n");
- tpe_init();
- printk(KERN_INFO "Trusted path execution initialized.\n");
- return 0;
-}
-
-static void __exit tpe_exit (void)
-{
- sysfs_remove_file(&tpefs_subsys.kset.kobj, &tpefs_listadd_attr.attr);
- sysfs_remove_file(&tpefs_subsys.kset.kobj, &tpefs_listdel_attr.attr);
- subsystem_unregister(&tpefs_subsys);
-
- /* remove ourselves from the security framework */
- if (secondary) {
- if (mod_unreg_security (MY_NAME, &tpe_security_ops))
- printk (KERN_INFO "Failure unregistering tpe module "
- "with primary module.\n");
- return;
- }
-
- if (unregister_security (&tpe_security_ops)) {
- printk (KERN_INFO
- "Failure unregistering tpe module with the kernel\n");
- }
- printk(KERN_INFO "tpe LSM removed\n");
-
-}
-
-module_init (tpe_module_init);
-module_exit (tpe_exit);
-
-MODULE_DESCRIPTION("LSM implementation of Trusted Path Execution");
-MODULE_LICENSE("Dual BSD/GPL");
diff -Naur linux-2.6.8orig/security/tpe.h linux-2.6.8/security/tpe.h
--- linux-2.6.8orig/security/tpe.h 2004-10-08 12:49:20.000000000 -0700
+++ linux-2.6.8/security/tpe.h 1969-12-31 16:00:00.000000000 -0800
@@ -1,112 +0,0 @@
-/*
- * Trusted path ACL implementation created as a Loadable Security Module.
- * This project is an abstraction of the original Trusted Path Execution
- * patch to OpenBSD, which was created by route|daemon9 and Mike Schiffman.
- * For the original OpenBSD write-up, see Phrack Magazine, issue 54,
- * article 6 at http://www.phrack.com.
- *
- * A path is considered trusted if the parent directory is owned by root
- * and is neither group nor world writeable. A user is considered trusted
- * if she/he is on the kernels trust list, as created by this module. An
- * untrusted user attempting to run an executable in an untrusted path
- * will be denied execution.
- *
- * Copyright (c) 1998 route|daemon9 and Mike D. Schiffman
- * Copyright (c) 2003 IBM Corp. <narahimi@private>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * Alternatively, this program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.*
- */
-
-#ifndef __TPE_H
-#define __TPE_H
-
-#include <linux/types.h>
-#include <asm/uaccess.h>
-
-/*
- * syscall stuff
- */
-#define TPE_ACL_SIZE 82 /* Maximum number of users in the list
- * plus two. This was an original
- * component of TPE. This will be
- * fixed later on.
- */
-
-#define TPE_INITIALIZER -1 /* A UID that isn't used */
-
-#define ACK 1 /* positive acknowledgement */
-#define NACK -1 /* negative acknowledgement */
-#define DUP 3 /* duplicate id return for tpe_add */
-
-/*
- * Verify the path.
- */
-#define TRUSTED_PATH(mode, uid) \
-(!(mode & (S_IWGRP | S_IWOTH)) && (uid == 0))
-
-static uid_t tpe_acl[TPE_ACL_SIZE]; /* trusted user list */
-static int tpe_acl_candidates; /* number of users on the list */
-
-/*
- * Verify the user. This macro is passed the user's ID from the
- * tpe_bprm_set_security hook.
- */
-
-#define TRUSTED_USER(UID) (tpe_verify(UID) == ACK)
-
-/* Initialize the array with default values (TPE_INITIALIZER). */
-
-static inline void tpe_init (void)
-{
- memset(tpe_acl, TPE_INITIALIZER, sizeof(uid_t) * TPE_ACL_SIZE);
- printk(KERN_INFO "tpe_acl list created\n");
- tpe_acl_candidates = 1;
- tpe_acl[0] = 0;
-}
-
-/* Locate a uid in the list */
-static inline int tpe_search (uid_t candidate)
-{
- int i;
- for (i = 0; i < tpe_acl_candidates; i++) {
- if (candidate == tpe_acl[i]) {
- return i;
- }
- }
- return NACK;
-}
-
-/* Verify a candidate user. */
-static inline int tpe_verify (uid_t candidate)
-{
- if ((tpe_search(candidate)) != NACK) {
- return (ACK);
- }
- return (NACK);
-}
-#endif /* __TPE_H */
-
-struct tpe_list {
- char *name;
-
- struct list_head slot_list;
- struct kobject kobj;
-};
-
-struct tpefs_attribute {
- struct attribute attr;
- ssize_t (*show)(struct tpe_list *, char *);
- ssize_t (*store)(struct tpe_list *, const char *, size_t);
-};
-
-static ssize_t tpefs_attr_show(struct kobject *kobj, struct attribute *attr,
-char *buf)
-{
- struct tpe_list *list = container_of(kobj, struct tpe_list, kobj);
- struct tpefs_attribute *attribute = container_of(attr, struct
- tpefs_attribute, attr);
- return attribute->show ? attribute->show(list, buf) : 0;
-}
-
-static ssize_t tpefs_attr_store(struct kobject *kobj, struct attribute *attr,
-const char *buf, size_t len)
-{
- struct tpe_list *list = container_of(kobj, struct tpe_list, kobj);
- struct tpefs_attribute *attribute = container_of(attr, struct
- tpefs_attribute, attr);
- return attribute->store ? attribute->store(list, buf, len) : 0;
-}
-
-static struct sysfs_ops tpefs_sysfs_ops = {
- .show = tpefs_attr_show,
- .store = tpefs_attr_store,
-};
-
-static struct kobj_type tpefs_ktype = {
- .sysfs_ops = &tpefs_sysfs_ops
-};
-
-static decl_subsys(tpefs, &tpefs_ktype, NULL);
-
-static ssize_t trustedlistadd_read_file (struct tpe_list *list, char *buf)
-{
- int i;
- int retval = 0;
- char *user = NULL;
- char buffer[400];
-
- user = (char *)__get_free_page(GFP_KERNEL);
- if (!user)
- return -ENOMEM;
-
- if (tpe_acl == NULL) {
- printk(KERN_INFO "empty acl list\n");
- return -ENODATA;
- }
-
- buffer[0] = '\0';
- printk(KERN_INFO "%d trusted user(s): \n", tpe_acl_candidates);
- spin_lock(&tpe_acl_lock);
- for (i=0; i < tpe_acl_candidates; i++) {
- printk(KERN_INFO "%d ", tpe_acl[i]);
- retval = sprintf(user, "%d\n", tpe_acl[i]);
- strcat(buffer, user);
- }
- printk(KERN_INFO "\n");
- spin_unlock(&tpe_acl_lock);
-
- retval = snprintf(buf, 4096, "%s\n", buffer);
-
- free_page((unsigned long)user);
- return retval;
-}
-
-static ssize_t trustedlistadd_write_file (struct tpe_list *list, const char *buf,
-size_t count)
-{
- int retval;
- unsigned long add_candidate;
-
- add_candidate = simple_strtoul(buf, NULL, 10);
-
- printk(KERN_INFO "value of add_candidate is %d.\n", (int)add_candidate);
- spin_lock(&tpe_acl_lock);
- retval = tpe_add(add_candidate);
- spin_unlock(&tpe_acl_lock);
- if (retval) {
- return retval;
- }
- return count;
-
-}
-
-struct tpefs_attribute tpefs_listadd_attr = {
- .attr = {.name = "add", .mode = S_IFREG | S_IRUGO | S_IWUSR},
- .show = trustedlistadd_read_file,
- .store = trustedlistadd_write_file
-};
-
-static ssize_t trustedlistdel_write_file (struct tpe_list *list, const char *buf,
-size_t count)
-{
- int retval;
- unsigned long rem_candidate;
-
- rem_candidate = simple_strtoul(buf, NULL, 10);
-
- printk(KERN_INFO "value of rem_candidate is %d.\n", (int)rem_candidate);
- spin_lock(&tpe_acl_lock);
- retval = tpe_remove(rem_candidate);
- spin_unlock(&tpe_acl_lock);
- if (retval) {
- return retval;
- }
- return count;
-
-}
-
-struct tpefs_attribute tpefs_listdel_attr = {
- .attr = {.name = "del", .mode = S_IFREG | S_IRUGO | S_IWUSR},
- .store = trustedlistdel_write_file
-};
-
-/* Module code */
-
-static int tpe_bprm_set_security (struct linux_binprm *bprm)
-{
- uid_t pthuid = bprm->file->f_dentry->d_parent->d_inode->i_uid;
- mode_t pthmode = bprm->file->f_dentry->d_parent->d_inode->i_mode;
- if((!TRUSTED_PATH(pthmode, pthuid)) && (!TRUSTED_USER(current->euid))) {
- printk (KERN_INFO "An attempt to run an executable "
- "by an untrusted user was made in an untrusted "
- "path. Access denied.\n");
- return -EACCES;
- }
- return 0;
-}
-
-struct security_operations tpe_security_ops = {
- bprm_set_security: tpe_bprm_set_security,
-};
-
-#if defined(CONFIG_SECURITY_TPE_MODULE)
-#define MY_NAME THIS_MODULE->name
-#else
-#define MY_NAME "tpe"
-#endif
-
-static int __init tpe_module_init (void)
-{
- int retval;
- /* register ourselves with the security framework */
- if (register_security (&tpe_security_ops)) {
- printk (KERN_INFO
- "Failure registering tpe module with the kernel\n");
- /* try registering with primary module */
- if (mod_reg_security (MY_NAME, &tpe_security_ops)) {
- printk (KERN_INFO "Failure registering tpe module "
- "with primary security module.\n");
- return -EINVAL;
- }
- secondary = 1;
- }
-
- /* register tpe subsystem */
- printk(KERN_INFO "registering tpe subsystem.\n");
- retval = subsystem_register(&tpefs_subsys);
- if (retval) {
- printk(KERN_INFO "subsystem_register failed with %d\n", retval);
- return retval;
- }
-
- sysfs_create_file(&tpefs_subsys.kset.kobj, &tpefs_listadd_attr.attr);
- sysfs_create_file(&tpefs_subsys.kset.kobj, &tpefs_listdel_attr.attr);
-
- printk(KERN_INFO "tpe LSM initialized\n");
- tpe_init();
- printk(KERN_INFO "Trusted path execution initialized.\n");
- return 0;
-}
-
-static void __exit tpe_exit (void)
-{
- sysfs_remove_file(&tpefs_subsys.kset.kobj, &tpefs_listadd_attr.attr);
- sysfs_remove_file(&tpefs_subsys.kset.kobj, &tpefs_listdel_attr.attr);
- subsystem_unregister(&tpefs_subsys);
-
- /* remove ourselves from the security framework */
- if (secondary) {
- if (mod_unreg_security (MY_NAME, &tpe_security_ops))
- printk (KERN_INFO "Failure unregistering tpe module "
- "with primary module.\n");
- return;
- }
-
- if (unregister_security (&tpe_security_ops)) {
- printk (KERN_INFO
- "Failure unregistering tpe module with the kernel\n");
- }
- printk(KERN_INFO "tpe LSM removed\n");
-
-}
-
-module_init (tpe_module_init);
-module_exit (tpe_exit);
-
-MODULE_DESCRIPTION("LSM implementation of Trusted Path Execution");
-MODULE_LICENSE("Dual BSD/GPL");
diff -Naur linux-2.6.8tpe/security/tpe.h linux-2.6.8/security/tpe.h
--- linux-2.6.8tpe/security/tpe.h 2004-10-08 12:49:20.000000000 -0700
+++ linux-2.6.8/security/tpe.h 1969-12-31 16:00:00.000000000 -0800
@@ -1,112 +0,0 @@
-/*
- * Trusted path ACL implementation created as a Loadable Security Module.
- * This project is an abstraction of the original Trusted Path Execution
- * patch to OpenBSD, which was created by route|daemon9 and Mike Schiffman.
- * For the original OpenBSD write-up, see Phrack Magazine, issue 54,
- * article 6 at http://www.phrack.com.
- *
- * A path is considered trusted if the parent directory is owned by root
- * and is neither group nor world writeable. A user is considered trusted
- * if she/he is on the kernels trust list, as created by this module. An
- * untrusted user attempting to run an executable in an untrusted path
- * will be denied execution.
- *
- * Copyright (c) 1998 route|daemon9 and Mike D. Schiffman
- * Copyright (c) 2003 IBM Corp. <narahimi@private>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * Alternatively, this program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.*
- */
-
-#ifndef __TPE_H
-#define __TPE_H
-
-#include <linux/types.h>
-#include <asm/uaccess.h>
-
-/*
- * syscall stuff
- */
-#define TPE_ACL_SIZE 82 /* Maximum number of users in the list
- * plus two. This was an original
- * component of TPE. This will be
- * fixed later on.
- */
-
-#define TPE_INITIALIZER -1 /* A UID that isn't used */
-
-#define ACK 1 /* positive acknowledgement */
-#define NACK -1 /* negative acknowledgement */
-#define DUP 3 /* duplicate id return for tpe_add */
-
-/*
- * Verify the path.
- */
-#define TRUSTED_PATH(mode, uid) \
-(!(mode & (S_IWGRP | S_IWOTH)) && (uid == 0))
-
-static uid_t tpe_acl[TPE_ACL_SIZE]; /* trusted user list */
-static int tpe_acl_candidates; /* number of users on the list */
-
-/*
- * Verify the user. This macro is passed the user's ID from the
- * tpe_bprm_set_security hook.
- */
-
-#define TRUSTED_USER(UID) (tpe_verify(UID) == ACK)
-
-/* Initialize the array with default values (TPE_INITIALIZER). */
-
-static inline void tpe_init (void)
-{
- memset(tpe_acl, TPE_INITIALIZER, sizeof(uid_t) * TPE_ACL_SIZE);
- printk(KERN_INFO "tpe_acl list created\n");
- tpe_acl_candidates = 1;
- tpe_acl[0] = 0;
-}
-
-/* Locate a uid in the list */
-static inline int tpe_search (uid_t candidate)
-{
- int i;
- for (i = 0; i < tpe_acl_candidates; i++) {
- if (candidate == tpe_acl[i]) {
- return i;
- }
- }
- return NACK;
-}
-
-/* Verify a candidate user. */
-static inline int tpe_verify (uid_t candidate)
-{
- if ((tpe_search(candidate)) != NACK) {
- return (ACK);
- }
- return (NACK);
-}
-#endif /* __TPE_H */