From: Stephen Smalley <sds@epoch.ncsc.mil>
To: Andrew Morton <akpm@digeo.com>,
Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk>,
lkml <linux-kernel@vger.kernel.org>,
lsm <linux-security-module@wirex.com>
Subject: Re: [PATCH] Process Attribute API for Security Modules 2.5.69
Date: 16 May 2003 16:08:26 -0400 [thread overview]
Message-ID: <1053115706.4729.913.camel@moss-huskers.epoch.ncsc.mil> (raw)
In-Reply-To: <1052319765.1044.60.camel@moss-huskers.epoch.ncsc.mil>
This patch, relative to the /proc/pid/attr patch against 2.5.69, fixes
the mode values of the /proc/pid/attr nodes to avoid interference by the
normal Linux access checks for these nodes (and also fixes the
/proc/pid/attr/prev mode to reflect its read-only nature). Otherwise,
when the dumpable flag is cleared by a set[ug]id or unreadable
executable, a process will lose the ability to set its own attributes
via writes to /proc/pid/attr due to a DAC failure (/proc/pid inodes are
assigned the root uid/gid if the task is not dumpable, and the original
mode only permitted the owner to write). The security module should
implement appropriate permission checking in its [gs]etprocattr hook
functions. In the case of SELinux, the setprocattr hook function only
allows a process to write to its own /proc/pid/attr nodes as well as
imposing other policy-based restrictions, and the getprocattr hook
function performs a permission check between the security labels of the
current process and target process to determine whether the operation is
permitted.
base.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
Index: linux-2.5/fs/proc/base.c
===================================================================
RCS file: /home/pal/CVS/linux-2.5/fs/proc/base.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- linux-2.5/fs/proc/base.c 14 May 2003 12:05:37 -0000 1.11
+++ linux-2.5/fs/proc/base.c 16 May 2003 18:34:39 -0000 1.12
@@ -99,10 +99,10 @@
};
#ifdef CONFIG_SECURITY
static struct pid_entry attr_stuff[] = {
- E(PROC_PID_ATTR_CURRENT, "current", S_IFREG|S_IRUGO|S_IWUSR),
- E(PROC_PID_ATTR_PREV, "prev", S_IFREG|S_IRUGO|S_IWUSR),
- E(PROC_PID_ATTR_EXEC, "exec", S_IFREG|S_IRUGO|S_IWUSR),
- E(PROC_PID_ATTR_FSCREATE, "fscreate", S_IFREG|S_IRUGO|S_IWUSR),
+ E(PROC_PID_ATTR_CURRENT, "current", S_IFREG|S_IRUGO|S_IWUGO),
+ E(PROC_PID_ATTR_PREV, "prev", S_IFREG|S_IRUGO),
+ E(PROC_PID_ATTR_EXEC, "exec", S_IFREG|S_IRUGO|S_IWUGO),
+ E(PROC_PID_ATTR_FSCREATE, "fscreate", S_IFREG|S_IRUGO|S_IWUGO),
{0,0,NULL,0}
};
#endif
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
prev parent reply other threads:[~2003-05-16 19:56 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-06 16:13 [PATCH] Process Attribute API for Security Modules 2.5.69 Stephen Smalley
2003-05-06 21:01 ` Andrew Morton
2003-05-07 10:50 ` viro
2003-05-07 15:02 ` Stephen Smalley
2003-05-08 12:12 ` Andreas Gruenbacher
2003-05-08 13:19 ` viro
2003-05-16 20:08 ` Stephen Smalley [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1053115706.4729.913.camel@moss-huskers.epoch.ncsc.mil \
--to=sds@epoch.ncsc.mil \
--cc=akpm@digeo.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).