* [BK PATCH] LSM changes for 2.5.52
From: Greg KH @ 2002-12-18 23:19 UTC
To: torvalds; +Cc: linux-kernel, linux-security-module

Here are some minor cleanups for the existing LSM code, and a capabilities
patch from Bill Irwin.

Please pull from:  bk://lsm.bkbits.net/linus-2.5

thanks,

greg k-h

 kernel/capability.c  |   14 +++---
 security/Kconfig     |    7 ++-
 security/dummy.c     |  108 ---------------------------------------------------
 security/root_plug.c |    3 +
 security/security.c  |    8 +++
 5 files changed, 25 insertions(+), 115 deletions(-)
-----

ChangeSet@1.901, 2002-12-18 15:10:25-08:00, greg@kroah.com
  LSM: update the copyright dates for my entry.

 security/dummy.c    |    2 +-
 security/security.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
------

ChangeSet@1.900, 2002-12-18 15:09:33-08:00, greg@kroah.com
  LSM: Fix up the description of the root_plug code to try to make it clearer.

 security/Kconfig     |    7 +++++--
 security/root_plug.c |    3 +++
 2 files changed, 8 insertions(+), 2 deletions(-)
------

ChangeSet@1.899, 2002-12-18 14:58:27-08:00, wli@holomorphy.com
  [PATCH] converting cap_set_pg() to for_each_task_pid()

  cap_set_pg() wants to find all processes in a given process group.
  This converts it to use for_each_task_pid().

 kernel/capability.c |   14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)
------

ChangeSet@1.898, 2002-12-18 14:57:38-08:00, greg@kroah.com
  LSM: changed the dummy code to use the default operations logic.

 security/dummy.c    |  106 ----------------------------------------------------
 security/security.c |    6 ++
 2 files changed, 7 insertions(+), 105 deletions(-)
------
* [BK PATCH] LSM changes for 2.5.52 2002-12-18 23:19 [BK PATCH] LSM changes for 2.5.52 Greg KH @ 2002-12-18 23:21 ` Greg KH 2002-12-18 23:27 ` [PATCH] " Greg KH 0 siblings, 1 reply; 5+ messages in thread From: Greg KH @ 2002-12-18 23:21 UTC (permalink / raw) To: linux-kernel, linux-security-module ChangeSet 1.898, 2002/12/18 14:57:38-08:00, greg@kroah.com LSM: changed the dummy code to use the default operations logic. diff -Nru a/security/dummy.c b/security/dummy.c --- a/security/dummy.c Wed Dec 18 15:13:41 2002 +++ b/security/dummy.c Wed Dec 18 15:13:41 2002 
@@ -542,111 +542,7 @@ return -EINVAL; } -struct security_operations dummy_security_ops = { - .ptrace = dummy_ptrace, - .capget = dummy_capget, - .capset_check = dummy_capset_check, - .capset_set = dummy_capset_set, - .acct = dummy_acct, - .capable = dummy_capable, - .quotactl = dummy_quotactl, - .quota_on = dummy_quota_on, - - .bprm_alloc_security = dummy_bprm_alloc_security, - .bprm_free_security = dummy_bprm_free_security, - .bprm_compute_creds = dummy_bprm_compute_creds, - .bprm_set_security = dummy_bprm_set_security, - .bprm_check_security = dummy_bprm_check_security, - - .sb_alloc_security = dummy_sb_alloc_security, - .sb_free_security = dummy_sb_free_security, - .sb_statfs = dummy_sb_statfs, - .sb_mount = dummy_sb_mount, - .sb_check_sb = dummy_sb_check_sb, - .sb_umount = dummy_sb_umount, - .sb_umount_close = dummy_sb_umount_close, - .sb_umount_busy = dummy_sb_umount_busy, - .sb_post_remount = dummy_sb_post_remount, - .sb_post_mountroot = dummy_sb_post_mountroot, - .sb_post_addmount = dummy_sb_post_addmount, - .sb_pivotroot = dummy_sb_pivotroot, - .sb_post_pivotroot = dummy_sb_post_pivotroot, - - .inode_alloc_security = dummy_inode_alloc_security, - .inode_free_security = dummy_inode_free_security, - .inode_create = dummy_inode_create, - .inode_post_create = dummy_inode_post_create, - .inode_link = dummy_inode_link, - .inode_post_link = dummy_inode_post_link, - .inode_unlink = dummy_inode_unlink, - .inode_symlink = dummy_inode_symlink, - .inode_post_symlink = dummy_inode_post_symlink, - .inode_mkdir = dummy_inode_mkdir, - .inode_post_mkdir = dummy_inode_post_mkdir, - .inode_rmdir = dummy_inode_rmdir, - .inode_mknod = dummy_inode_mknod, - .inode_post_mknod = dummy_inode_post_mknod, - .inode_rename = dummy_inode_rename, - .inode_post_rename = dummy_inode_post_rename, - .inode_readlink = dummy_inode_readlink, - .inode_follow_link = dummy_inode_follow_link, - .inode_permission = dummy_inode_permission, - .inode_permission_lite = dummy_inode_permission_lite, - 
.inode_setattr = dummy_inode_setattr, - .inode_getattr = dummy_inode_getattr, - .inode_post_lookup = dummy_inode_post_lookup, - .inode_delete = dummy_inode_delete, - .inode_setxattr = dummy_inode_setxattr, - .inode_getxattr = dummy_inode_getxattr, - .inode_listxattr = dummy_inode_listxattr, - .inode_removexattr = dummy_inode_removexattr, - - .file_permission = dummy_file_permission, - .file_alloc_security = dummy_file_alloc_security, - .file_free_security = dummy_file_free_security, - .file_ioctl = dummy_file_ioctl, - .file_mmap = dummy_file_mmap, - .file_mprotect = dummy_file_mprotect, - .file_lock = dummy_file_lock, - .file_fcntl = dummy_file_fcntl, - .file_set_fowner = dummy_file_set_fowner, - .file_send_sigiotask = dummy_file_send_sigiotask, - .file_receive = dummy_file_receive, - - .task_create = dummy_task_create, - .task_alloc_security = dummy_task_alloc_security, - .task_free_security = dummy_task_free_security, - .task_setuid = dummy_task_setuid, - .task_post_setuid = dummy_task_post_setuid, - .task_setgid = dummy_task_setgid, - .task_setpgid = dummy_task_setpgid, - .task_getpgid = dummy_task_getpgid, - .task_getsid = dummy_task_getsid, - .task_setgroups = dummy_task_setgroups, - .task_setnice = dummy_task_setnice, - .task_setrlimit = dummy_task_setrlimit, - .task_setscheduler = dummy_task_setscheduler, - .task_getscheduler = dummy_task_getscheduler, - .task_wait = dummy_task_wait, - .task_kill = dummy_task_kill, - .task_prctl = dummy_task_prctl, - .task_kmod_set_label = dummy_task_kmod_set_label, - .task_reparent_to_init = dummy_task_reparent_to_init, - - .ipc_permission = dummy_ipc_permission, - - .msg_queue_alloc_security = dummy_msg_queue_alloc_security, - .msg_queue_free_security = dummy_msg_queue_free_security, - - .shm_alloc_security = dummy_shm_alloc_security, - .shm_free_security = dummy_shm_free_security, - - .sem_alloc_security = dummy_sem_alloc_security, - .sem_free_security = dummy_sem_free_security, - - .register_security = 
dummy_register_security, - .unregister_security = dummy_unregister_security, -}; +struct security_operations dummy_security_ops; #define set_to_dummy_if_null(ops, function) \ do { \ diff -Nru a/security/security.c b/security/security.c --- a/security/security.c Wed Dec 18 15:13:41 2002 +++ b/security/security.c Wed Dec 18 15:13:41 2002 @@ -48,6 +48,12 @@ printk (KERN_INFO "Security Scaffold v" SECURITY_SCAFFOLD_VERSION " initialized\n"); + if (verify (&dummy_security_ops)) { + printk (KERN_ERR "%s could not verify " + "dummy_security_ops structure.\n", __FUNCTION__); + return -EIO; + } + security_ops = &dummy_security_ops; return 0; ^ permalink raw reply [flat|nested] 5+ messages in thread
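Review bot: In the security/dummy.c hunk, dummy_security_ops goes from a fully populated static initializer to a bare declaration, so every hook pointer starts out NULL and the structure is only usable after the verify() call added in security/security.c has run; nothing in either hunk says so. A comment above "struct security_operations dummy_security_ops;" stating that the structure is filled in at init time, and that every new hook must also be added to the set_to_dummy_if_null list, would keep a later hook from being left as a NULL function pointer. In the security/security.c hunk, the new "return -EIO;" comes before "security_ops = &dummy_security_ops;", so on that path this function leaves security_ops unassigned; please confirm that callers of the hooks tolerate that, or treat the failure as fatal rather than returning an error code.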
* [PATCH] LSM changes for 2.5.52 2002-12-18 23:21 ` Greg KH @ 2002-12-18 23:27 ` Greg KH 2002-12-18 23:28 ` Greg KH 0 siblings, 1 reply; 5+ messages in thread From: Greg KH @ 2002-12-18 23:27 UTC (permalink / raw) To: linux-kernel, linux-security-module ChangeSet 1.899, 2002/12/18 14:58:27-08:00, wli@holomorphy.com [PATCH] converting cap_set_pg() to for_each_task_pid() cap_set_pg() wants to find all processes in a given process group. This converts it to use for_each_task_pid(). diff -Nru a/kernel/capability.c b/kernel/capability.c --- a/kernel/capability.c Wed Dec 18 15:13:37 2002 +++ b/kernel/capability.c Wed Dec 18 15:13:37 2002 @@ -84,13 +84,15 @@ kernel_cap_t *inheritable, kernel_cap_t *permitted) { - task_t *g, *target; + task_t *g, *target; + struct list_head *l; + struct pid *pid; - do_each_thread(g, target) { - if (target->pgrp != pgrp) - continue; - security_capset_set(target, effective, inheritable, permitted); - } while_each_thread(g, target); + for_each_task_pid(pgrp, PIDTYPE_PGID, g, l, pid) { + target = g; + while_each_thread(g, target) + security_capset_set(target, effective, inheritable, permitted); + } } /* ^ permalink raw reply [flat|nested] 5+ messages in thread
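Review bot: In the new loop body, "target = g;" is followed directly by "while_each_thread(g, target)" used as a loop head, whereas the removed code used it only as the closing half of a do_each_thread { ... } while_each_thread pair. If the macro advances target before testing it against g, which its use as the tail of a do/while suggests, the process g itself is never passed to security_capset_set() and only the other threads in its group get the new capability sets. Please confirm that g is covered, or call security_capset_set() on target once before the inner loop, or write the inner loop as do { ... } while_each_thread(g, target);. The commit message also describes only the conversion and does not say whether the set of tasks visited is meant to be unchanged; a sentence on that would help, since the old code filtered on target->pgrp and the new code relies on the PIDTYPE_PGID list.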
* Re: [PATCH] LSM changes for 2.5.52 2002-12-18 23:27 ` [PATCH] " Greg KH @ 2002-12-18 23:28 ` Greg KH 2002-12-18 23:29 ` Greg KH 0 siblings, 1 reply; 5+ messages in thread From: Greg KH @ 2002-12-18 23:28 UTC (permalink / raw) To: linux-kernel, linux-security-module ChangeSet 1.900, 2002/12/18 15:09:33-08:00, greg@kroah.com LSM: Fix up the description of the root_plug code to try to make it clearer. diff -Nru a/security/Kconfig b/security/Kconfig --- a/security/Kconfig Wed Dec 18 15:13:33 2002 +++ b/security/Kconfig Wed Dec 18 15:13:33 2002 @@ -27,8 +27,11 @@ depends on SECURITY!=n help This is a sample LSM module that should only be used as such. - It enables control over processes being created by root users - if a specific USB device is not present in the system. + It prevents any programs running with egid == 0 if a specific + USB device is not present in the system. + + See <http://www.linuxjournal.com/article.php?sid=6279> for + more information about this module. If you are unsure how to answer this question, answer N. diff -Nru a/security/root_plug.c b/security/root_plug.c --- a/security/root_plug.c Wed Dec 18 15:13:33 2002 +++ b/security/root_plug.c Wed Dec 18 15:13:33 2002 @@ -13,6 +13,9 @@ * If you want to turn this into something with a semblance of security, * you need to hook the task_* functions also. * + * See http://www.linuxjournal.com/article.php?sid=6279 for more information + * about this code. + * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, version 2 of the ^ permalink raw reply [flat|nested] 5+ messages in thread
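Review bot: In the security/Kconfig hunk, "It prevents any programs running with egid == 0" can be read either as refusing to start such programs or as stopping ones that are already running; the help text should say which, for example by naming the point at which the check is made. The old text spoke of "root users" and the new one of egid == 0, so it is worth spelling out "effective group ID" for readers of the config menu. The unchanged context in security/root_plug.c still says the task_* functions need to be hooked for "a semblance of security", and the help text could carry the same caveat so the limitation is visible at configuration time. Minor style point: the URL is written as <http://...> in Kconfig and bare in root_plug.c; pick one form.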
* Re: [PATCH] LSM changes for 2.5.52 2002-12-18 23:28 ` Greg KH @ 2002-12-18 23:29 ` Greg KH 0 siblings, 0 replies; 5+ messages in thread From: Greg KH @ 2002-12-18 23:29 UTC (permalink / raw) To: linux-kernel, linux-security-module ChangeSet 1.901, 2002/12/18 15:10:25-08:00, greg@kroah.com LSM: update the copyright dates for my entry. diff -Nru a/security/dummy.c b/security/dummy.c --- a/security/dummy.c Wed Dec 18 15:13:29 2002 +++ b/security/dummy.c Wed Dec 18 15:13:29 2002 @@ -3,7 +3,7 @@ * security model is loaded. * * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> - * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> + * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> * * This program is free software; you can redistribute it and/or modify diff -Nru a/security/security.c b/security/security.c --- a/security/security.c Wed Dec 18 15:13:29 2002 +++ b/security/security.c Wed Dec 18 15:13:29 2002 @@ -2,7 +2,7 @@ * Security plug functions * * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> - * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> + * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> * * This program is free software; you can redistribute it and/or modify ^ permalink raw reply [flat|nested] 5+ messages in thread