From: Michael Halcrow <mhalcrow@us.ibm.com>
To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Cc: Andrew Morton <akpm@osdl.org>, Michael Halcrow <mhalcrow@us.ibm.com>
Subject: [PATCH] BSD Secure Levels: claim block dev in file struct rather than inode struct, 2.6.11-rc2-mm1 (3/8)
Date: Mon, 7 Feb 2005 13:31:30 -0600 [thread overview]
Message-ID: <20050207193129.GB834@halcrow.us> (raw)
In-Reply-To: <20050207192108.GA776@halcrow.us>
[-- Attachment #1: Type: text/plain, Size: 353 bytes --]
This is the third in a series of eight patches to the BSD Secure
Levels LSM. It moves the claim on the block device from the inode
struct to the file struct in order to address a potential
circumvention of the control via hard links to block devices. Thanks
to Serge Hallyn for pointing this out.
Signed off by: Michael Halcrow <mhalcrow@us.ibm.com>
[-- Attachment #2: seclvl_bd_claim.patch --]
[-- Type: text/plain, Size: 3656 bytes --]
Index: linux-2.6.11-rc2-mm1-modules/security/seclvl.c
===================================================================
--- linux-2.6.11-rc2-mm1-modules.orig/security/seclvl.c 2005-02-03 15:36:43.925683472 -0600
+++ linux-2.6.11-rc2-mm1-modules/security/seclvl.c 2005-02-03 16:41:55.075098384 -0600
@@ -487,46 +487,35 @@
return 0;
}
-/* claim the blockdev to exclude mounters, release on file close */
-static int seclvl_bd_claim(struct inode *inode)
+/**
+ * Claim the blockdev to exclude mounters; release on file close.
+ */
+static int seclvl_bd_claim(struct file * filp)
{
int holder;
struct block_device *bdev = NULL;
- dev_t dev = inode->i_rdev;
+ dev_t dev = filp->f_dentry->d_inode->i_rdev;
bdev = open_by_devnum(dev, FMODE_WRITE);
if (bdev) {
if (bd_claim(bdev, &holder)) {
blkdev_put(bdev);
return -EPERM;
}
- /* claimed, mark it to release on close */
- inode->i_security = current;
+ /* Claimed; mark it to release on close */
+ filp->f_security = current;
}
return 0;
}
-/* release the blockdev if you claimed it */
-static void seclvl_bd_release(struct inode *inode)
-{
- if (inode && S_ISBLK(inode->i_mode) && inode->i_security == current) {
- struct block_device *bdev = inode->i_bdev;
- if (bdev) {
- bd_release(bdev);
- blkdev_put(bdev);
- inode->i_security = NULL;
- }
- }
-}
-
/**
* Security for writes to block devices is regulated by this seclvl
* function. Deny all writes to block devices in seclvl 2. In
* seclvl 1, we only deny writes to *mounted* block devices.
*/
-static int
-seclvl_inode_permission(struct inode *inode, int mask, struct nameidata *nd)
+static int seclvl_file_permission(struct file * filp, int mask)
{
- if (current->pid != 1 && S_ISBLK(inode->i_mode) && (mask & MAY_WRITE)) {
+ if (current->pid != 1 && S_ISBLK(filp->f_dentry->d_inode->i_mode)
+ && (mask & MAY_WRITE)) {
switch (seclvl) {
case 2:
seclvl_printk(1, KERN_WARNING "%s: Write to block "
@@ -534,7 +523,7 @@
__FUNCTION__, seclvl);
return -EPERM;
case 1:
- if (seclvl_bd_claim(inode)) {
+ if (seclvl_bd_claim(filp)) {
seclvl_printk(1, KERN_WARNING "%s: Write to "
"mounted block device denied in "
"secure level [%d]\n",
@@ -549,7 +538,7 @@
/**
* The SUID and SGID bits cannot be set in seclvl >= 1
*/
-static int seclvl_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int seclvl_inode_setattr(struct dentry * dentry, struct iattr * iattr)
{
if (seclvl > 0) {
if (dentry && dentry->d_inode
@@ -599,15 +588,23 @@
return 0;
}
-/* release busied block devices */
-static void seclvl_file_free_security(struct file *filp)
+/**
+ * Release busied block devices.
+ */
+static void seclvl_file_free_security(struct file * filp)
{
- struct dentry *dentry = filp->f_dentry;
- struct inode *inode = NULL;
-
- if (dentry) {
- inode = dentry->d_inode;
- seclvl_bd_release(inode);
+ struct dentry * dentry = filp->f_dentry;
+ if (dentry && (filp->f_mode & FMODE_WRITE)) {
+ struct inode * inode = dentry->d_inode;
+ if (inode && S_ISBLK(inode->i_mode)
+ && filp->f_security == current) {
+ struct block_device *bdev = inode->i_bdev;
+ if (bdev) {
+ bd_release(bdev);
+ blkdev_put(bdev);
+ filp->f_security = NULL;
+ }
+ }
}
}
@@ -630,7 +627,7 @@
static struct security_operations seclvl_ops = {
.ptrace = seclvl_ptrace,
.capable = seclvl_capable,
- .inode_permission = seclvl_inode_permission,
+ .file_permission = seclvl_file_permission,
.inode_setattr = seclvl_inode_setattr,
.inode_mknod = seclvl_inode_mknod,
.inode_create = seclvl_inode_create,
next prev parent reply other threads:[~2005-02-07 19:44 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-07 19:21 [PATCH] BSD Secure Levels: printk overhaul, 2.6.11-rc2-mm1 (1/8) Michael Halcrow
2005-02-07 19:30 ` [PATCH] BSD Secure Levels: suid/sgid on directories; open/mknod issue, 2.6.11-rc2-mm1 (2/8) Michael Halcrow
2005-02-07 19:31 ` Michael Halcrow [this message]
2005-02-07 22:26 ` [PATCH] BSD Secure Levels: claim block dev in file struct rather than inode struct, 2.6.11-rc2-mm1 (3/8) Chris Wright
2005-02-07 22:41 ` Valdis.Kletnieks
2005-02-08 1:48 ` David Wagner
2005-02-08 2:10 ` Valdis.Kletnieks
2005-02-08 2:20 ` Chris Wright
2005-02-08 3:15 ` Valdis.Kletnieks
2005-02-08 14:33 ` David Wagner
2005-02-07 22:42 ` Valdis.Kletnieks
2005-02-08 17:24 ` Michael Halcrow
2005-02-08 17:47 ` Valdis.Kletnieks
2005-02-08 20:08 ` Serge E. Hallyn
2005-02-08 23:38 ` Chris Wright
2005-02-07 19:32 ` [PATCH] BSD Secure Levels: memory alloc failure check, 2.6.11-rc2-mm1 (4/8) Michael Halcrow
2005-02-07 19:34 ` [PATCH] BSD Secure Levels: allow setuid/setgid on process if root, 2.6.11-rc2-mm1 (5/8) Michael Halcrow
2005-02-07 19:35 ` [PATCH] BSD Secure Levels: nits, 2.6.11-rc2-mm1 (6/8) Michael Halcrow
2005-02-08 23:43 ` Chris Wright
2005-02-07 19:36 ` [PATCH] BSD Secure Levels: comment cleanups, 2.6.11-rc2-mm1 (7/8) Michael Halcrow
2005-02-07 19:37 ` [PATCH] BSD Secure Levels: remove ptrace, 2.6.11-rc2-mm1 (8/8) Michael Halcrow
2005-02-10 21:59 ` [PATCH] BSD Secure Levels: printk overhaul, 2.6.11-rc2-mm1 (1/8) Matt Mackall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050207193129.GB834@halcrow.us \
--to=mhalcrow@us.ibm.com \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.