From: Tetsuo Handa <from-linux-kernel@i-love.sakura.ne.jp>
To: linux-kernel@vger.kernel.org
Subject: Re: Is CAP_SYS_ADMIN checked by every program !?
Date: Thu, 30 Dec 2004 22:37:08 +0900
Message-ID: <200412302236.DGE46722.PSVOYJLMtGOMFFStN@i-love.sakura.ne.jp>
In-Reply-To: <200412291347.JEH41956.OOtStPFFNMLJVGMYS@i-love.sakura.ne.jp>

Hello,

Bernd Eckenfels wrote:
> You can add dump_stack(void) from kernel.h to your patch, since there are not
> many sources for SYS_ADMIN capabilities checks in the kernel. You will
> quickly find the syscall in question.

Oh, this is exactly what I need.
And the following are the results of these two lines.

    printk("\n[%s]\n", current->comm);
    dump_stack();

[ls]
[<c01e1852>] cap_vm_enough_memory+0x82/0x1f0
[<c0156dcd>] setup_arg_pages+0x9d/0x230
[<c0174373>] load_elf_binary+0x473/0xca0
[<c01334e7>] __alloc_pages+0xa7/0x360
[<c0156bdd>] copy_strings+0x1dd/0x200
[<c0157b00>] search_binary_handler+0x50/0x170
[<c0157d9e>] do_execve+0x17e/0x210
[<c01010bc>] sys_execve+0x3c/0x80
[<c010246d>] sysenter_past_esp+0x52/0x75
[cat]
[<c01e1852>] cap_vm_enough_memory+0x82/0x1f0
[<c0156dcd>] setup_arg_pages+0x9d/0x230
[<c0174373>] load_elf_binary+0x473/0xca0
[<c01334e7>] __alloc_pages+0xa7/0x360
[<c0156bdd>] copy_strings+0x1dd/0x200
[<c0157b00>] search_binary_handler+0x50/0x170
[<c0157d9e>] do_execve+0x17e/0x210
[<c01010bc>] sys_execve+0x3c/0x80
[<c010246d>] sysenter_past_esp+0x52/0x75
[tcsh]
[<c01e1852>] cap_vm_enough_memory+0x82/0x1f0
[<c0112c1e>] copy_mm+0x17e/0x360
[<c0113686>] copy_process+0x406/0x9c0
[<c0113d45>] do_fork+0x75/0x1ad
[<c01e753e>] copy_to_user+0x3e/0x50
[<c011f85e>] sys_rt_sigprocmask+0xae/0x100
[<c010103c>] sys_clone+0x3c/0x40
[<c010246d>] sysenter_past_esp+0x52/0x75
[sed]
[<c01e1852>] cap_vm_enough_memory+0x82/0x1f0
[<c0156dcd>] setup_arg_pages+0x9d/0x230
[<c0174373>] load_elf_binary+0x473/0xca0
[<c01334e7>] __alloc_pages+0xa7/0x360
[<c0156bdd>] copy_strings+0x1dd/0x200
[<c0157b00>] search_binary_handler+0x50/0x170
[<c0157d9e>] do_execve+0x17e/0x210
[<c01010bc>] sys_execve+0x3c/0x80
[<c010246d>] sysenter_past_esp+0x52/0x75
[klogd]
[<c01e179c>] cap_syslog+0x4c/0x80
[<c011445d>] do_syslog+0x2d/0x380
[<c0127640>] autoremove_wake_function+0x0/0x60
[<c011cb84>] update_process_times+0x44/0x50
[<c0127640>] autoremove_wake_function+0x0/0x60
[<c014cda6>] vfs_read+0x116/0x160
[<c014d0b1>] sys_read+0x51/0x80
[<c010246d>] sysenter_past_esp+0x52/0x75

The function which calls capable(CAP_SYS_ADMIN) is
cap_vm_enough_memory() defined in security/commoncap.c,
and this function is called whenever sys_execve() is called.
Therefore, it seemed to me that every program calls capable(CAP_SYS_ADMIN).

Thank you very much.
--
Tetsuo Handa
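
Added example, not part of the original message: a small Python parser for the printk()/dump_stack() output above that groups processes by the cap_* hook that was reached and the syscall entry it was reached from. SAMPLE is a shortened excerpt of the traces posted above; the names parse_traces and summarize are this example's own.

```python
import re
# Shortened excerpt of the traces posted above (ls, tcsh, klogd).
SAMPLE = """\
[ls]
[<c01e1852>] cap_vm_enough_memory+0x82/0x1f0
[<c0156dcd>] setup_arg_pages+0x9d/0x230
[<c0157d9e>] do_execve+0x17e/0x210
[<c01010bc>] sys_execve+0x3c/0x80
[<c010246d>] sysenter_past_esp+0x52/0x75
[tcsh]
[<c01e1852>] cap_vm_enough_memory+0x82/0x1f0
[<c0112c1e>] copy_mm+0x17e/0x360
[<c0113d45>] do_fork+0x75/0x1ad
[<c011f85e>] sys_rt_sigprocmask+0xae/0x100
[<c010103c>] sys_clone+0x3c/0x40
[<c010246d>] sysenter_past_esp+0x52/0x75
[klogd]
[<c01e179c>] cap_syslog+0x4c/0x80
[<c011445d>] do_syslog+0x2d/0x380
[<c014d0b1>] sys_read+0x51/0x80
[<c010246d>] sysenter_past_esp+0x52/0x75
"""

COMM = re.compile(r"^\[([^<\]]+)\]$")   # "[ls]" marker from printk()
FRAME = re.compile(r"^\[<[0-9a-f]+>\]\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def parse_traces(text):
    """Return [(comm, [symbol, ...]), ...] in order of appearance."""
    traces = []
    for line in text.splitlines():
        m = COMM.match(line.strip())
        if m:
            traces.append((m.group(1), []))
            continue
        m = FRAME.match(line.strip())
        if m and traces:
            traces[-1][1].append(m.group(1))
    return traces

def summarize(traces):
    """Map (capability hook, syscall entry) -> list of process names."""
    out = {}
    for comm, frames in traces:
        hook = next((f for f in frames if f.startswith("cap_")), None)
        # Use the outermost sys_* frame: the tcsh trace also lists
        # sys_rt_sigprocmask, but sys_clone is the entry nearest sysenter.
        entry = next((f for f in reversed(frames) if f.startswith("sys_")), None)
        out.setdefault((hook, entry), []).append(comm)
    return out
```

Calling summarize(parse_traces(SAMPLE)) shows the check being reached from the kernel's execve and clone paths on behalf of each process, while klogd reaches a different hook (cap_syslog) through sys_read.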