Re: [PATCH] Process Attribute API for Security Modules 2.5.69

From: Stephen Smalley (sds@epoch.ncsc.mil)
Date: Fri May 16 2003 - 15:08:26 EST


This patch, relative to the /proc/pid/attr patch against 2.5.69, fixes
the mode values of the /proc/pid/attr nodes to avoid interference by the
normal Linux access checks for these nodes (and also fixes the
/proc/pid/attr/prev mode to reflect its read-only nature). Otherwise,
when the dumpable flag is cleared by a set[ug]id or unreadable
executable, a process will lose the ability to set its own attributes
via writes to /proc/pid/attr due to a DAC failure (/proc/pid inodes are
assigned the root uid/gid if the task is not dumpable, and the original
mode only permitted the owner to write). The security module should
implement appropriate permission checking in its [gs]etprocattr hook
functions. In the case of SELinux, the setprocattr hook function only
allows a process to write to its own /proc/pid/attr nodes as well as
imposing other policy-based restrictions, and the getprocattr hook
function performs a permission check between the security labels of the
current process and target process to determine whether the operation is
permitted.

 base.c | 8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

Index: linux-2.5/fs/proc/base.c
===================================================================
RCS file: /home/pal/CVS/linux-2.5/fs/proc/base.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- linux-2.5/fs/proc/base.c 14 May 2003 12:05:37 -0000 1.11
+++ linux-2.5/fs/proc/base.c 16 May 2003 18:34:39 -0000 1.12
@@ -99,10 +99,10 @@
 };
 #ifdef CONFIG_SECURITY
 static struct pid_entry attr_stuff[] = {
- E(PROC_PID_ATTR_CURRENT, "current", S_IFREG|S_IRUGO|S_IWUSR),
- E(PROC_PID_ATTR_PREV, "prev", S_IFREG|S_IRUGO|S_IWUSR),
- E(PROC_PID_ATTR_EXEC, "exec", S_IFREG|S_IRUGO|S_IWUSR),
- E(PROC_PID_ATTR_FSCREATE, "fscreate", S_IFREG|S_IRUGO|S_IWUSR),
+ E(PROC_PID_ATTR_CURRENT, "current", S_IFREG|S_IRUGO|S_IWUGO),
+ E(PROC_PID_ATTR_PREV, "prev", S_IFREG|S_IRUGO),
+ E(PROC_PID_ATTR_EXEC, "exec", S_IFREG|S_IRUGO|S_IWUGO),
+ E(PROC_PID_ATTR_FSCREATE, "fscreate", S_IFREG|S_IRUGO|S_IWUGO),
   {0,0,NULL,0}
 };
 #endif

 

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Fri May 23 2003 - 22:00:25 EST