[PATCH 1/1] cr: safely restore a task's securebits

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 1/1] cr: safely restore a task's securebits
@ 2009-05-27 16:31 Serge E. Hallyn
  0 siblings, 0 replies; only message in thread
From: Serge E. Hallyn @ 2009-05-27 16:31 UTC (permalink / raw)
  To: orenl-r/Jw6+rmf7HQT0dZR+AlfA
  Cc: Linux Containers, David Howells, Alexey Dobriyan

As I started doing c/r of LSM credentials, I realized I wasn't
handling securebit yet with the current patchet.  This is on
top of the set I sent out yesterday, and if I'm sendng out another
full patchset then I'll integrate this back into the previous
patches.

Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
 include/linux/capability.h     |    2 +
 include/linux/checkpoint_hdr.h |    1 +
 kernel/cred.c                  |    4 +++
 security/commoncap.c           |   52 +++++++++++++++++++++++++++-------------
 4 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/include/linux/capability.h b/include/linux/capability.h
index 572b5a0..b3853ca 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -540,6 +540,8 @@ extern void checkpoint_save_cap(__u64 *dest, kernel_cap_t src);
 struct cred;
 extern int checkpoint_restore_cap(__u64 e, __u64 i, __u64 p, __u64 x,
 				struct cred *cred);
+extern void checkpoint_save_securebits(unsigned *, unsigned);
+extern int checkpoint_restore_securebits(unsigned, struct cred *);
 
 /**
  * has_capability - Determine if a task has a superior capability available
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 0bad447..7f65964 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -192,6 +192,7 @@ struct ckpt_hdr_cred {
 	__u32 version; /* especially since capability sets might grow */
 	__u32 uid, suid, euid, fsuid;
 	__u32 gid, sgid, egid, fsgid;
+	__u32 securebits;
 	__u64 cap_i, cap_p, cap_e;
 	__u64 cap_x;  /* bounding set ('X') */
 	__s32 user_ref;
diff --git a/kernel/cred.c b/kernel/cred.c
index c05192e..fe2941d 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -739,6 +739,7 @@ int checkpoint_write_cred(struct ckpt_ctx *ctx, const struct cred *cred)
 	checkpoint_save_cap(&h->cap_p, cred->cap_permitted);
 	checkpoint_save_cap(&h->cap_e, cred->cap_effective);
 	checkpoint_save_cap(&h->cap_x, cred->cap_bset);
+	checkpoint_save_securebits(&h->securebits, cred->securebits);
 
 	h->user_ref = user_ref;
 	h->groupinfo_ref = groupinfo_ref;
@@ -811,6 +812,9 @@ struct cred *restore_read_cred(struct ckpt_ctx *ctx)
 				cred);
 	if (ret)
 		goto err_putcred;
+	ret = checkpoint_restore_securebits(h->securebits, cred);
+	if (ret)
+		goto err_putcred;
 
 	ckpt_hdr_put(ctx, h);
 	return cred;
diff --git a/security/commoncap.c b/security/commoncap.c
index beac025..31ecd3d 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -804,6 +804,29 @@ int cap_task_setnice (struct task_struct *p, int nice)
 }
 #endif
 
+int cap_set_securebits(struct cred *new, unsigned securebits)
+{
+	if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
+	     & (new->securebits ^ securebits))				/*[1]*/
+	    || ((new->securebits & SECURE_ALL_LOCKS & ~securebits))	/*[2]*/
+	    || (securebits & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS))	/*[3]*/
+	    || (cap_capable(current, current_cred(), CAP_SETPCAP,
+			    SECURITY_CAP_AUDIT) != 0)			/*[4]*/
+		/*
+		 * [1] no changing of bits that are locked
+		 * [2] no unlocking of locks
+		 * [3] no setting of unsupported bits
+		 * [4] doing anything requires privilege (go read about
+		 *     the "sendmail capabilities bug")
+		 */
+	    )
+		/* cannot change a locked bit */
+		return -EPERM;
+	new->securebits = securebits;
+	return 0;
+}
+
+
 /**
  * cap_task_prctl - Implement process control functions for this security module
  * @option: The process control function requested
@@ -861,24 +884,9 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 	 * capability-based-privilege environment.
 	 */
 	case PR_SET_SECUREBITS:
-		error = -EPERM;
-		if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
-		     & (new->securebits ^ arg2))			/*[1]*/
-		    || ((new->securebits & SECURE_ALL_LOCKS & ~arg2))	/*[2]*/
-		    || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS))	/*[3]*/
-		    || (cap_capable(current, current_cred(), CAP_SETPCAP,
-				    SECURITY_CAP_AUDIT) != 0)		/*[4]*/
-			/*
-			 * [1] no changing of bits that are locked
-			 * [2] no unlocking of locks
-			 * [3] no setting of unsupported bits
-			 * [4] doing anything requires privilege (go read about
-			 *     the "sendmail capabilities bug")
-			 */
-		    )
-			/* cannot change a locked bit */
+		error = cap_set_securebits(new, arg2);
+		if (error)
 			goto error;
-		new->securebits = arg2;
 		goto changed;
 
 	case PR_GET_SECUREBITS:
@@ -921,6 +929,16 @@ error:
 	return error;
 }
 
+void checkpoint_save_securebits(unsigned *b, unsigned cred_securebits)
+{
+	*b = cred_securebits;
+}
+
+int checkpoint_restore_securebits(unsigned b, struct cred *cred)
+{
+	return cap_set_securebits(cred, b);
+}
+
 /**
  * cap_syslog - Determine whether syslog function is permitted
  * @type: Function requested
-- 
1.6.1

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2009-05-27 16:31 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-27 16:31 [PATCH 1/1] cr: safely restore a task's securebits Serge E. Hallyn

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.