[PATCH 2/2 v2] pci: use security_capable() when checking capablities during config space read

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Chris Wright <chrisw@sous-sol.org>
To: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>,
	linux-kernel@vger.kernel.org,
	Jesse Barnes <jbarnes@virtuousgeek.org>,
	Eric Paris <eparis@redhat.com>, Don Dutile <ddutile@redhat.com>,
	Greg Kroah-Hartman <gregkh@suse.de>,
	Alan Cox <alan@lxorguk.ukuu.org.uk>,
	linux-pci@vger.kernel.org
Subject: [PATCH 2/2 v2] pci: use security_capable() when checking capablities during config space read
Date: Thu, 10 Feb 2011 15:58:56 -0800	[thread overview]
Message-ID: <20110210235856.GD9869@sequoia.sous-sol.org> (raw)
In-Reply-To: <alpine.LRH.2.00.1102101915000.20298@tundra.namei.org>

* James Morris (jmorris@namei.org) wrote:
> What about these other users of cap_raised?
> 
> drivers/block/drbd/drbd_nl.c:   if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) {
> drivers/md/dm-log-userspace-transfer.c: if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
> drivers/staging/pohmelfs/config.c:      if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
> drivers/video/uvesafb.c:        if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))

Those are a security_netlink_recv() variant.  They should be converted
although makes sense as a different patchset.

> Also, should this have a reported-by for Eric ?

Yes it should, thanks.  Below is patch with Reported-by added (seemed
overkill to respin the series; holler if that's perferred).

thanks,
-chris
---

From: Chris Wright <chrisw@sous-sol.org>
Subject: [PATCH 2/2 v2] pci: use security_capable() when checking capablities during config space read

Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file
open to read device dependent config space") caused the capability check
to bypass security modules and potentially auditing.  Rectify this by
calling security_capable() when checking the open file's capabilities
for config space reads.

Reported-by: Eric Paris <eparis@redhat.com>
Cc: Eric Paris <eparis@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: linux-pci@vger.kernel.org
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---
 drivers/pci/pci-sysfs.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 8ecaac9..f7771f3 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -23,6 +23,7 @@
 #include <linux/mm.h>
 #include <linux/fs.h>
 #include <linux/capability.h>
+#include <linux/security.h>
 #include <linux/pci-aspm.h>
 #include <linux/slab.h>
 #include "pci.h"
@@ -368,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
 	u8 *data = (u8*) buf;
 
 	/* Several chips lock up trying to read undefined config space */
-	if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) {
+	if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
 		size = dev->cfg_size;
 	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
 		size = 128;

next prev parent reply	other threads:[~2011-02-10 23:59 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-02-10  6:11 [PATCH 0/2] pci: refer to LSM when accessing device dependent config space Chris Wright
2011-02-10  6:11 ` [PATCH 1/2] security: add cred argument to security_capable() Chris Wright
2011-02-10 13:43   ` Serge E. Hallyn
2011-02-10 16:01   ` Casey Schaufler
2011-02-10 16:08     ` Chris Wright
2011-02-10 16:25       ` Casey Schaufler
2011-02-10  6:11 ` [PATCH 2/2] pci: use security_capable() when checking capablities during config space read Chris Wright
2011-02-10  8:23   ` James Morris
2011-02-10 23:58     ` Chris Wright [this message]
2011-02-14 17:14       ` [PATCH 2/2 v2] " Eric Paris
2011-03-04 18:25       ` Jesse Barnes
2011-02-11  7:01 ` [PATCH 0/2] pci: refer to LSM when accessing device dependent config space James Morris

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8ecaac9 dfblob:f7771f3 )
 OR (
bs:"pci: use security_capable() when checking capablities during config space read" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110210235856.GD9869@sequoia.sous-sol.org \
    --to=chrisw@sous-sol.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=ddutile@redhat.com \
    --cc=eparis@redhat.com \
    --cc=gregkh@suse.de \
    --cc=jbarnes@virtuousgeek.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.