From: James Morris <jmorris@namei.org>
To: Chris Wright <chrisw@sous-sol.org>
Cc: Ingo Molnar <mingo@elte.hu>, Oleg Nesterov <oleg@redhat.com>,
Roland McGrath <roland@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org, Al Viro <viro@ZenIV.linux.org.uk>,
linux-security-module@vger.kernel.org
Subject: Re: security: rename ptrace_may_access => ptrace_access_check
Date: Thu, 25 Jun 2009 00:19:16 +1000 (EST) [thread overview]
Message-ID: <alpine.LRH.2.00.0906250018370.20443@tundra.namei.org> (raw)
In-Reply-To: <alpine.LRH.2.00.0905071951530.29219@tundra.namei.org>
This has now been applied to
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
On Thu, 7 May 2009, James Morris wrote:
> On Thu, 7 May 2009, Chris Wright wrote:
>
> > * Ingo Molnar (mingo@elte.hu) wrote:
>
> [Added LSM list to the CC; please do so whenever making changes in this
> area...]
>
> > > They have no active connection to the core kernel
> > > ptrace_may_access() check in any case:
> >
> > Not sure what you mean:
> >
> > ptrace_may_access
> > __ptrace_may_access
> > security_ptrace_may_access
> >
> > Looks like your patch won't compile.
> >
>
> Below is an updated version which fixes the bug, against
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
>
> Boot tested with SELinux.
>
> commit c4c79671177dc3e8387c337f75f3c664cdf08838
> Author: Ingo Molnar <mingo@elte.hu>
> Date: Thu May 7 19:26:19 2009 +1000
>
> security: rename ptrace_may_access => ptrace_access_check
>
> The ->ptrace_may_access() methods are named confusingly - the real
> ptrace_may_access() returns a bool, while these security checks have
> a retval convention.
>
> Rename it to ptrace_access_check, to reduce the confusion factor.
>
> [ Impact: cleanup, no code changed ]
>
> Signed-off-by: Ingo Molnar <mingo@elte.hu>
> Signed-off-by: James Morris <jmorris@namei.org>
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 54ed157..0147def 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -51,7 +51,7 @@ struct audit_krule;
> extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
> int cap, int audit);
> extern int cap_settime(struct timespec *ts, struct timezone *tz);
> -extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
> +extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
> extern int cap_ptrace_traceme(struct task_struct *parent);
> extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
> extern int cap_capset(struct cred *new, const struct cred *old,
> @@ -1208,7 +1208,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
> * @alter contains the flag indicating whether changes are to be made.
> * Return 0 if permission is granted.
> *
> - * @ptrace_may_access:
> + * @ptrace_access_check:
> * Check permission before allowing the current process to trace the
> * @child process.
> * Security modules may also want to perform a process tracing check
> @@ -1223,7 +1223,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
> * Check that the @parent process has sufficient permission to trace the
> * current process before allowing the current process to present itself
> * to the @parent process for tracing.
> - * The parent process will still have to undergo the ptrace_may_access
> + * The parent process will still have to undergo the ptrace_access_check
> * checks before it is allowed to trace this one.
> * @parent contains the task_struct structure for debugger process.
> * Return 0 if permission is granted.
> @@ -1335,7 +1335,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
> struct security_operations {
> char name[SECURITY_NAME_MAX + 1];
>
> - int (*ptrace_may_access) (struct task_struct *child, unsigned int mode);
> + int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
> int (*ptrace_traceme) (struct task_struct *parent);
> int (*capget) (struct task_struct *target,
> kernel_cap_t *effective,
> @@ -1616,7 +1616,7 @@ extern int security_module_enable(struct security_operations *ops);
> extern int register_security(struct security_operations *ops);
>
> /* Security operations */
> -int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
> +int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
> int security_ptrace_traceme(struct task_struct *parent);
> int security_capget(struct task_struct *target,
> kernel_cap_t *effective,
> @@ -1797,10 +1797,10 @@ static inline int security_init(void)
> return 0;
> }
>
> -static inline int security_ptrace_may_access(struct task_struct *child,
> +static inline int security_ptrace_access_check(struct task_struct *child,
> unsigned int mode)
> {
> - return cap_ptrace_may_access(child, mode);
> + return cap_ptrace_access_check(child, mode);
> }
>
> static inline int security_ptrace_traceme(struct task_struct *parent)
> diff --git a/kernel/ptrace.c b/kernel/ptrace.c
> index c9cf48b..284d0ac 100644
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -160,7 +160,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
> if (!dumpable && !capable(CAP_SYS_PTRACE))
> return -EPERM;
>
> - return security_ptrace_may_access(task, mode);
> + return security_ptrace_access_check(task, mode);
> }
>
> bool ptrace_may_access(struct task_struct *task, unsigned int mode)
> diff --git a/security/capability.c b/security/capability.c
> index 21b6cea..f218dd3 100644
> --- a/security/capability.c
> +++ b/security/capability.c
> @@ -863,7 +863,7 @@ struct security_operations default_security_ops = {
>
> void security_fixup_ops(struct security_operations *ops)
> {
> - set_to_cap_if_null(ops, ptrace_may_access);
> + set_to_cap_if_null(ops, ptrace_access_check);
> set_to_cap_if_null(ops, ptrace_traceme);
> set_to_cap_if_null(ops, capget);
> set_to_cap_if_null(ops, capset);
> diff --git a/security/commoncap.c b/security/commoncap.c
> index 97ac1f1..e57611a 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -101,7 +101,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
> }
>
> /**
> - * cap_ptrace_may_access - Determine whether the current process may access
> + * cap_ptrace_access_check - Determine whether the current process may access
> * another
> * @child: The process to be accessed
> * @mode: The mode of attachment.
> @@ -109,7 +109,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
> * Determine whether a process may access another, returning 0 if permission
> * granted, -ve if denied.
> */
> -int cap_ptrace_may_access(struct task_struct *child, unsigned int mode)
> +int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
> {
> int ret = 0;
>
> diff --git a/security/root_plug.c b/security/root_plug.c
> index 40fb4f1..e8d5861 100644
> --- a/security/root_plug.c
> +++ b/security/root_plug.c
> @@ -72,7 +72,7 @@ static int rootplug_bprm_check_security (struct linux_binprm *bprm)
>
> static struct security_operations rootplug_security_ops = {
> /* Use the capability functions for some of the hooks */
> - .ptrace_may_access = cap_ptrace_may_access,
> + .ptrace_access_check = cap_ptrace_access_check,
> .ptrace_traceme = cap_ptrace_traceme,
> .capget = cap_capget,
> .capset = cap_capset,
> diff --git a/security/security.c b/security/security.c
> index 206e538..a3e6918 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -127,9 +127,9 @@ int register_security(struct security_operations *ops)
>
> /* Security operations */
>
> -int security_ptrace_may_access(struct task_struct *child, unsigned int mode)
> +int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
> {
> - return security_ops->ptrace_may_access(child, mode);
> + return security_ops->ptrace_access_check(child, mode);
> }
>
> int security_ptrace_traceme(struct task_struct *parent)
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 39046dd..e30c4bb 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1854,12 +1854,12 @@ static inline u32 open_file_to_av(struct file *file)
>
> /* Hook functions begin here. */
>
> -static int selinux_ptrace_may_access(struct task_struct *child,
> +static int selinux_ptrace_access_check(struct task_struct *child,
> unsigned int mode)
> {
> int rc;
>
> - rc = cap_ptrace_may_access(child, mode);
> + rc = cap_ptrace_access_check(child, mode);
> if (rc)
> return rc;
>
> @@ -5310,7 +5310,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
> static struct security_operations selinux_ops = {
> .name = "selinux",
>
> - .ptrace_may_access = selinux_ptrace_may_access,
> + .ptrace_access_check = selinux_ptrace_access_check,
> .ptrace_traceme = selinux_ptrace_traceme,
> .capget = selinux_capget,
> .capset = selinux_capset,
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index f557767..79949f9 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -91,7 +91,7 @@ struct inode_smack *new_inode_smack(char *smack)
> */
>
> /**
> - * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH
> + * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
> * @ctp: child task pointer
> * @mode: ptrace attachment mode
> *
> @@ -99,13 +99,13 @@ struct inode_smack *new_inode_smack(char *smack)
> *
> * Do the capability checks, and require read and write.
> */
> -static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
> +static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
> {
> int rc;
> struct smk_audit_info ad;
> char *sp, *tsp;
>
> - rc = cap_ptrace_may_access(ctp, mode);
> + rc = cap_ptrace_access_check(ctp, mode);
> if (rc != 0)
> return rc;
>
> @@ -3031,7 +3031,7 @@ static void smack_release_secctx(char *secdata, u32 seclen)
> struct security_operations smack_ops = {
> .name = "smack",
>
> - .ptrace_may_access = smack_ptrace_may_access,
> + .ptrace_access_check = smack_ptrace_access_check,
> .ptrace_traceme = smack_ptrace_traceme,
> .capget = cap_capget,
> .capset = cap_capset,
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
James Morris
<jmorris@namei.org>
next prev parent reply other threads:[~2009-06-24 14:20 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-05 22:47 [PATCH 3/3] ptrace: do not use task_lock() for attach Oleg Nesterov
2009-05-06 2:08 ` Roland McGrath
2009-05-06 8:00 ` [RFC PATCH 3/3a] ptrace: add _ptrace_may_access() Ingo Molnar
2009-05-06 20:32 ` Roland McGrath
2009-05-06 20:47 ` Christoph Hellwig
2009-05-06 21:09 ` Roland McGrath
2009-05-07 8:19 ` Ingo Molnar
2009-05-07 8:17 ` Ingo Molnar
2009-05-06 23:53 ` Oleg Nesterov
2009-05-07 0:21 ` Roland McGrath
2009-05-07 6:36 ` Oleg Nesterov
2009-05-07 8:20 ` Ingo Molnar
2009-05-07 8:31 ` Oleg Nesterov
2009-05-07 8:38 ` Ingo Molnar
2009-05-07 8:49 ` [patch] security: rename ptrace_may_access => ptrace_access_check Ingo Molnar
2009-05-07 9:19 ` Oleg Nesterov
2009-05-07 9:27 ` Ingo Molnar
2009-05-07 8:57 ` [RFC PATCH 3/3a] ptrace: add _ptrace_may_access() Chris Wright
2009-05-07 9:04 ` Ingo Molnar
2009-05-07 9:20 ` Chris Wright
2009-05-07 9:54 ` James Morris
2009-05-07 10:20 ` your mail Ingo Molnar
2009-05-07 11:37 ` security: rename ptrace_may_access => ptrace_access_check James Morris
2009-05-07 14:17 ` Ingo Molnar
2009-06-23 14:14 ` Oleg Nesterov
2009-06-23 17:49 ` Christoph Hellwig
2009-06-23 19:24 ` [PATCH 0/1] mm_for_maps: simplify, use ptrace_may_access() Oleg Nesterov
2009-06-23 19:25 ` [PATCH 1/1] " Oleg Nesterov
2009-06-24 3:06 ` Serge E. Hallyn
2009-06-24 14:21 ` James Morris
2009-06-24 9:25 ` Roland McGrath
2009-06-24 14:37 ` Oleg Nesterov
2009-06-24 1:08 ` security: rename ptrace_may_access => ptrace_access_check James Morris
2009-05-08 3:27 ` your mail Casey Schaufler
2009-06-24 14:19 ` James Morris [this message]
2009-05-07 9:31 ` [RFC PATCH 3/3a] ptrace: add _ptrace_may_access() Ingo Molnar
2009-05-07 9:49 ` [patch 1/2] ptrace, security: rename ptrace_may_access => ptrace_access_check Ingo Molnar
2009-05-07 18:47 ` Roland McGrath
2009-05-07 19:55 ` Andrew Morton
2009-05-11 13:39 ` Ingo Molnar
2009-05-11 18:51 ` Andrew Morton
2009-05-15 1:10 ` Américo Wang
2009-05-15 19:34 ` Ingo Molnar
2009-05-07 9:50 ` [patch 2/2] ptrace: turn ptrace_access_check() into a retval function Ingo Molnar
2009-05-07 18:47 ` Roland McGrath
2009-05-06 22:46 ` [PATCH 3/3] ptrace: do not use task_lock() for attach Chris Wright
2009-05-06 23:13 ` Oleg Nesterov
2009-05-06 23:27 ` Chris Wright
2009-05-06 23:48 ` James Morris
2009-05-07 1:17 ` Roland McGrath
2009-05-08 12:18 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.00.0906250018370.20443@tundra.namei.org \
--to=jmorris@namei.org \
--cc=akpm@linux-foundation.org \
--cc=chrisw@sous-sol.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=oleg@redhat.com \
--cc=roland@redhat.com \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.