From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752026AbbCKTZ7 (ORCPT ); Wed, 11 Mar 2015 15:25:59 -0400 Received: from emvm-gh1-uea08.nsa.gov ([63.239.67.9]:54239 "EHLO emvm-gh1-uea08.nsa.gov" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751247AbbCKTZ5 (ORCPT ); Wed, 11 Mar 2015 15:25:57 -0400 X-TM-IMSS-Message-ID: <80353d11001050b9@nsa.gov> Message-ID: <5500967A.3040203@tycho.nsa.gov> Date: Wed, 11 Mar 2015 15:24:42 -0400 From: Stephen Smalley Organization: National Security Agency User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Casey Schaufler , James Morris , James Morris , LSM , LKLM CC: Paul Moore , John Johansen , Tetsuo Handa , Eric Paris , Kees Cook Subject: Re: [PATCH 6/7 v21] LSM: Switch to lists of hooks References: <54FE4553.3000209@schaufler-ca.com> <54FE46EF.4000708@schaufler-ca.com> <5500708B.3050101@tycho.nsa.gov> <55008DD0.3030402@schaufler-ca.com> In-Reply-To: <55008DD0.3030402@schaufler-ca.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/11/2015 02:47 PM, Casey Schaufler wrote: > On 3/11/2015 9:42 AM, Stephen Smalley wrote: >> On 03/09/2015 09:20 PM, Casey Schaufler wrote: >>> Subject: [PATCH 6/7 v21] LSM: Switch to lists of hooks >>> >>> Instead of using a vector of security operations >>> with explicit, special case stacking of the capability >>> and yama hooks use lists of hooks with capability and >>> yama hooks included as appropriate. >>> >>> The security_operations structure is no longer required. >>> Instead, there is a union of the function pointers that >>> allows all the hooks lists to use a common mechanism for >>> list management while retaining typing. Each module >>> supplies an array describing the hooks it provides instead >>> of a sparsely populated security_operations structure. >>> The description includes the element that gets put on >>> the hook list, avoiding the issues surrounding individual >>> element allocation. >>> >>> The method for registering security modules is changed to >>> reflect the information available. The method for removing >>> a module, currently only used by SELinux, has also changed. >>> It should be generic now, however if there are potential >>> race conditions based on ordering of hook removal that needs >>> to be addressed by the calling module. >>> >>> The security hooks are called from the lists and the first >>> failure is returned. >>> >>> Signed-off-by: Casey Schaufler >>> >>> --- >>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >>> index 0c45f08..3fd8610 100644 >>> --- a/security/selinux/hooks.c >>> +++ b/security/selinux/hooks.c >>> @@ -2008,24 +2002,12 @@ static int selinux_ptrace_access_check(struct task_struct *child, >>> >>> static int selinux_ptrace_traceme(struct task_struct *parent) >>> { >>> - int rc; >>> - >>> - rc = cap_ptrace_traceme(parent); >>> - if (rc) >>> - return rc; >>> - >>> return task_has_perm(parent, current, PROCESS__PTRACE); >>> } >>> >>> static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, >>> kernel_cap_t *inheritable, kernel_cap_t *permitted) >>> { >>> - int error; >>> - >>> - error = current_has_perm(target, PROCESS__GETCAP); >>> - if (error) >>> - return error; >>> - >>> return cap_capget(target, effective, inheritable, permitted); >> Deleted the wrong code here. >> >>> } >> And failed to delete the cap_capset() call from selinux_capset(), and >> the cap_capable() call from selinux_capable(), so we're calling that >> code twice after the patch. > > So I see. It was right in v19, but wrong in v20. I'll have an update quickly. Also looks like there is a residual cap_bprm_secureexec() call in security/apparmor/domain.c.