From: "Andrew G. Morgan" <morgan@kernel.org>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 5/6] file capabilities: remove needless inline functions
Date: Fri, 26 Sep 2008 21:39:17 -0700
Message-ID: <48DDB8F5.7040208@kernel.org>
In-Reply-To: <06b2774a667bc535442305193417ff1a479ef1aa.1222451103.git.serue@us.ibm.com>

Serge,

I'd much rather simply remove the target argument from the
security_capset_check() call. Relying on the caller to not do something
bad seems fragile... If the code internally operates on current only,
then it doesn't need a target argument... No? (Evidently, such a change
is also needed to selinux_capset_check() too, but this doesn't look like
it will pose a problem for the selinux code.)

Cheers

Andrew

Serge E. Hallyn wrote:
> cap_limit_ptraced_target always returns 1, so nix it.
>
> cap_block_setpcap can't return 1 any more, because
> kernel/capabilities.c:sys_capset() will return -EPERM
> if it is called on a task other than current, and will
> never get to cap_capset_check.
>
> This brings the vmlinux size with my config down another
> 16 bytes (making up for the 8 byte increase from the
> last patch).
>
> Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
> ---
> security/commoncap.c | 22 +++-------------------
> 1 files changed, 3 insertions(+), 19 deletions(-)
>
> diff --git a/security/commoncap.c b/security/commoncap.c
> index d48fdd8..e5afb7c 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -93,15 +93,6 @@ int cap_capget (struct task_struct *target, kernel_cap_t *effective,
> return 0;
> }
>
> -static inline int cap_block_setpcap(struct task_struct *target)
> -{
> - /*
> - * No support for remote process capability manipulation with
> - * filesystem capability support.
> - */
> - return (target != current);
> -}
> -
> static inline int cap_inh_is_capped(void)
> {
> /*
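
Review bot: removing cap_block_setpcap() here also deletes the comment stating that remote process capability manipulation is unsupported with filesystem capabilities. Since cap_capset_check() keeps its target parameter, carry a short comment over to that function saying that target is expected to be current and that the caller enforces this, so the assumption stays visible next to the code that relies on it.
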
> @@ -112,14 +103,9 @@ static inline int cap_inh_is_capped(void)
> return (cap_capable(current, CAP_SETPCAP) != 0);
> }
>
> -static inline int cap_limit_ptraced_target(void) { return 1; }
> -
> int cap_capset_check (struct task_struct *target, kernel_cap_t *effective,
> kernel_cap_t *inheritable, kernel_cap_t *permitted)
> {
> - if (cap_block_setpcap(target)) {
> - return -EPERM;
> - }
> if (cap_inh_is_capped()
> && !cap_issubset(*inheritable,
> cap_combine(target->cap_inheritable,
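
Review bot: with the target != current test dropped from the top of cap_capset_check(), the body still dereferences target->cap_inheritable while cap_inh_is_capped() checks current, so the hook is only correct if every caller passes current. Either use current throughout the body or drop the target parameter from the hook, rather than depending on sys_capset() returning -EPERM first.
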
> @@ -343,11 +329,9 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
> bprm->e_uid = current->uid;
> bprm->e_gid = current->gid;
> }
> - if (cap_limit_ptraced_target()) {
> - bprm->cap_post_exec_permitted = cap_intersect(
> - bprm->cap_post_exec_permitted,
> - current->cap_permitted);
> - }
> + bprm->cap_post_exec_permitted = cap_intersect(
> + bprm->cap_post_exec_permitted,
> + current->cap_permitted);
> }
> }
>
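
Review bot: the intersection with current->cap_permitted in cap_bprm_apply_creds() is now unconditional, and the only hint at its purpose was the name of the removed cap_limit_ptraced_target() helper. A one-line comment above the cap_intersect() call saying why the post-exec permitted set is limited to current->cap_permitted would keep that rationale in the code.
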