[GIT Pull Request] Copy on write credentials for Linux [ver #4]

From: David Howells
Date: Thu Oct 23 2008 - 12:49:01 EST



Hi Linus,

These patches form the rest of the copy-on-write credentials code. You have
incorporated some of the patches, either directly or via other subsystem trees.

These patches are being used as the base for some other work - filesystem local
caching for instance - and a number of security projects are now using these as
a base too (TOMOYO for instance).

You might wish to incorporate these at the end of the window as the wrapper
patches may break other patches people have proposed. There's no way around
that, though the fixups are usually straightforward.

In summary, these patches detach the security info from the task_struct and put
it into its own struct with COW semantics. This allows execve() to be cleaned
up and allows cachefiles, nfsd, coredumping and faccessat() to override a
process's credentials without exposing the override to userspace. Multiple
simultaneous security changes (eg: setresuid and execve) now happen
instantaneously, and no intermediate state will be seen.

Documentation is added in its own patch, and the patches have been tested by
LTP's SELinux and syscalls tests.

Thanks,
David
---
The following changes since commit 9779a8325a9bbf4ccd3853e0e4064984cf9da9c9:
Linus Torvalds (1):
Merge branch 'for-upstream' of git://git.kernel.org/.../dvrabel/uwb

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/cred-2.6.git creds-v4

David Howells (77):
CRED: Wrap task credential accesses in the IA64 arch
CRED: Wrap task credential accesses in the MIPS arch
CRED: Wrap task credential accesses in the PA-RISC arch
CRED: Wrap task credential accesses in the PowerPC arch
CRED: Wrap task credential accesses in the S390 arch
CRED: Wrap task credential accesses in the x86 arch
CRED: Wrap task credential accesses in the block loopback driver
CRED: Wrap task credential accesses in the tty driver
CRED: Wrap task credential accesses in the ISDN drivers
CRED: Wrap task credential accesses in the network device drivers
CRED: Wrap task credential accesses in the USB driver
CRED: Wrap task credential accesses in 9P2000 filesystem
CRED: Wrap task credential accesses in the AFFS filesystem
CRED: Wrap task credential accesses in the autofs filesystem
CRED: Wrap task credential accesses in the autofs4 filesystem
CRED: Wrap task credential accesses in the BFS filesystem
CRED: Wrap task credential accesses in the CIFS filesystem
CRED: Wrap task credential accesses in the Coda filesystem
CRED: Wrap task credential accesses in the devpts filesystem
CRED: Wrap task credential accesses in the eCryptFS filesystem
CRED: Wrap task credential accesses in the Ext2 filesystem
CRED: Wrap task credential accesses in the Ext3 filesystem
CRED: Wrap task credential accesses in the Ext4 filesystem
CRED: Wrap task credential accesses in the FAT filesystem
CRED: Wrap task credential accesses in the FUSE filesystem
CRED: Wrap task credential accesses in the GFS2 filesystem
CRED: Wrap task credential accesses in the HFS filesystem
CRED: Wrap task credential accesses in the HFSplus filesystem
CRED: Wrap task credential accesses in the HPFS filesystem
CRED: Wrap task credential accesses in the hugetlbfs filesystem
CRED: Wrap task credential accesses in the JFS filesystem
CRED: Wrap task credential accesses in the Minix filesystem
CRED: Wrap task credential accesses in the NCPFS filesystem
CRED: Wrap task credential accesses in the NFS daemon
CRED: Wrap task credential accesses in the OCFS2 filesystem
CRED: Wrap task credential accesses in the OMFS filesystem
CRED: Wrap task credential accesses in the RAMFS filesystem
CRED: Wrap task credential accesses in the ReiserFS filesystem
CRED: Wrap task credential accesses in the SMBFS filesystem
CRED: Wrap task credential accesses in the SYSV filesystem
CRED: Wrap task credential accesses in the UBIFS filesystem
CRED: Wrap task credential accesses in the UDF filesystem
CRED: Wrap task credential accesses in the UFS filesystem
CRED: Wrap task credential accesses in the XFS filesystem
CRED: Wrap task credential accesses in the filesystem subsystem
CRED: Wrap task credential accesses in the SYSV IPC subsystem
CRED: Wrap task credential accesses in the AX25 protocol
CRED: Wrap task credential accesses in the IPv6 protocol
CRED: Wrap task credential accesses in the netrom protocol
CRED: Wrap task credential accesses in the ROSE protocol
CRED: Wrap task credential accesses in the SunRPC protocol
CRED: Wrap task credential accesses in the UNIX socket protocol
CRED: Wrap task credential accesses in the networking subsystem
CRED: Wrap task credential accesses in the key management code
CRED: Wrap task credential accesses in the capabilities code
CRED: Wrap task credential accesses in the core kernel
KEYS: Disperse linux/key_ui.h
KEYS: Alter use of key instantiation link-to-keyring argument
CRED: Neuter sys_capset()
CRED: Constify the kernel_cap_t arguments to the capset LSM hooks
CRED: Separate task security context from task_struct
CRED: Detach the credentials from task_struct
CRED: Wrap current->cred and a few other accessors
CRED: Use RCU to access another task's creds and to release a task's own creds
CRED: Wrap access to SELinux's task SID
CRED: Separate per-task-group keyrings from signal_struct
CRED: Rename is_single_threaded() to is_wq_single_threaded()
CRED: Make inode_has_perm() and file_has_perm() take a cred pointer
CRED: Pass credentials through dentry_open()
CRED: Inaugurate COW credentials
CRED: Make execve() take advantage of copy-on-write credentials
CRED: Prettify commoncap.c
CRED: Use creds in file structs
CRED: Documentation
CRED: Differentiate objective and effective subjective credentials on a task
CRED: Add a kernel_service object class to SELinux
CRED: Allow kernel services to override LSM settings for task actions

Documentation/credentials.txt | 582 +++++++++++++
arch/alpha/kernel/asm-offsets.c | 11 +-
arch/alpha/kernel/entry.S | 10 +-
arch/ia64/ia32/sys_ia32.c | 7 +-
arch/ia64/kernel/mca_drv.c | 2 +-
arch/ia64/kernel/perfmon.c | 43 +-
arch/ia64/kernel/signal.c | 4 +-
arch/mips/kernel/kspd.c | 4 +-
arch/mips/kernel/mips-mt-fpaff.c | 5 +-
arch/mips/kernel/vpe.c | 4 +-
arch/parisc/kernel/signal.c | 2 +-
arch/powerpc/mm/fault.c | 2 +-
arch/powerpc/platforms/cell/spufs/inode.c | 8 +-
arch/s390/hypfs/inode.c | 4 +-
arch/s390/kernel/compat_linux.c | 28 +-
arch/um/drivers/mconsole_kern.c | 3 +-
arch/x86/ia32/ia32_aout.c | 2 +-
arch/x86/mm/fault.c | 2 +-
drivers/block/loop.c | 6 +-
drivers/char/tty_audit.c | 6 +-
drivers/connector/cn_proc.c | 16 +-
drivers/isdn/capi/capifs.c | 4 +-
drivers/isdn/hysdn/hysdn_procconf.c | 6 +-
drivers/net/tun.c | 8 +-
drivers/usb/core/devio.c | 10 +-
drivers/usb/core/inode.c | 4 +-
fs/9p/fid.c | 2 +-
fs/9p/vfs_inode.c | 4 +-
fs/9p/vfs_super.c | 4 +-
fs/affs/inode.c | 4 +-
fs/affs/super.c | 4 +-
fs/anon_inodes.c | 4 +-
fs/attr.c | 4 +-
fs/autofs/inode.c | 4 +-
fs/autofs4/dev-ioctl.c | 3 +-
fs/autofs4/inode.c | 4 +-
fs/autofs4/waitq.c | 4 +-
fs/bfs/dir.c | 4 +-
fs/binfmt_aout.c | 2 +-
fs/binfmt_elf.c | 20 +-
fs/binfmt_elf_fdpic.c | 19 +-
fs/binfmt_flat.c | 2 +-
fs/binfmt_som.c | 2 +-
fs/cifs/cifs_fs_sb.h | 2 +-
fs/cifs/cifsproto.h | 2 +-
fs/cifs/connect.c | 4 +-
fs/cifs/dir.c | 12 +-
fs/cifs/inode.c | 8 +-
fs/cifs/ioctl.c | 2 +-
fs/cifs/misc.c | 4 +-
fs/coda/cache.c | 6 +-
fs/coda/file.c | 2 +-
fs/coda/upcall.c | 2 +-
fs/compat.c | 42 +-
fs/devpts/inode.c | 4 +-
fs/dquot.c | 4 +-
fs/ecryptfs/ecryptfs_kernel.h | 3 +-
fs/ecryptfs/kthread.c | 9 +-
fs/ecryptfs/main.c | 3 +-
fs/ecryptfs/messaging.c | 18 +-
fs/ecryptfs/miscdev.c | 20 +-
fs/exec.c | 183 +++--
fs/exportfs/expfs.c | 4 +-
fs/ext2/balloc.c | 2 +-
fs/ext2/ialloc.c | 4 +-
fs/ext3/balloc.c | 2 +-
fs/ext3/ialloc.c | 4 +-
fs/ext4/balloc.c | 5 +-
fs/ext4/ialloc.c | 4 +-
fs/fat/file.c | 2 +-
fs/fat/inode.c | 4 +-
fs/fcntl.c | 18 +-
fs/file_table.c | 10 +-
fs/fuse/dev.c | 4 +-
fs/fuse/dir.c | 25 +-
fs/gfs2/inode.c | 10 +-
fs/hfs/inode.c | 4 +-
fs/hfs/super.c | 4 +-
fs/hfsplus/inode.c | 4 +-
fs/hfsplus/options.c | 4 +-
fs/hpfs/namei.c | 24 +-
fs/hpfs/super.c | 4 +-
fs/hppfs/hppfs.c | 6 +-
fs/hugetlbfs/inode.c | 21 +-
fs/inotify_user.c | 2 +-
fs/internal.h | 6 +
fs/ioprio.c | 18 +-
fs/jfs/jfs_inode.c | 4 +-
fs/locks.c | 2 +-
fs/minix/bitmap.c | 4 +-
fs/namei.c | 10 +-
fs/namespace.c | 2 +-
fs/ncpfs/ioctl.c | 91 +--
fs/nfsctl.c | 3 +-
fs/nfsd/auth.c | 95 ++-
fs/nfsd/nfs4recover.c | 71 +-
fs/nfsd/nfsfh.c | 11 +-
fs/nfsd/vfs.c | 9 +-
fs/ocfs2/dlm/dlmfs.c | 8 +-
fs/ocfs2/namei.c | 4 +-
fs/omfs/inode.c | 8 +-
fs/open.c | 59 +-
fs/pipe.c | 4 +-
fs/posix_acl.c | 4 +-
fs/proc/array.c | 32 +-
fs/proc/base.c | 32 +-
fs/quota.c | 4 +-
fs/ramfs/inode.c | 4 +-
fs/reiserfs/namei.c | 4 +-
fs/smbfs/dir.c | 3 +-
fs/smbfs/inode.c | 2 +-
fs/smbfs/proc.c | 2 +-
fs/sysv/ialloc.c | 4 +-
fs/ubifs/budget.c | 2 +-
fs/ubifs/dir.c | 4 +-
fs/udf/ialloc.c | 4 +-
fs/udf/namei.c | 2 +-
fs/ufs/ialloc.c | 4 +-
fs/xfs/linux-2.6/xfs_cred.h | 6 +-
fs/xfs/linux-2.6/xfs_globals.h | 2 +-
fs/xfs/linux-2.6/xfs_ioctl.c | 5 +-
fs/xfs/xfs_acl.c | 6 +-
fs/xfs/xfs_inode.h | 2 +-
fs/xfs/xfs_vnodeops.h | 10 +-
include/keys/keyring-type.h | 31 +
include/linux/binfmts.h | 16 +-
include/linux/capability.h | 2 -
include/linux/cred.h | 340 +++++++-
include/linux/fs.h | 8 +-
include/linux/init_task.h | 13 +-
include/linux/key-ui.h | 66 --
include/linux/key.h | 32 +-
include/linux/keyctl.h | 4 +-
include/linux/sched.h | 64 +--
include/linux/securebits.h | 2 +-
include/linux/security.h | 326 ++++----
include/net/scm.h | 4 +-
init/main.c | 1 +
ipc/mqueue.c | 19 +-
ipc/shm.c | 9 +-
ipc/util.c | 18 +-
kernel/Makefile | 2 +-
kernel/acct.c | 7 +-
kernel/auditsc.c | 57 +-
kernel/capability.c | 268 +------
kernel/cgroup.c | 17 +-
kernel/cred-internals.h | 21 +
kernel/cred.c | 577 +++++++++++++
kernel/exit.c | 23 +-
kernel/fork.c | 44 +-
kernel/futex.c | 20 +-
kernel/futex_compat.c | 7 +-
kernel/kmod.c | 30 +-
kernel/ptrace.c | 29 +-
kernel/sched.c | 26 +-
kernel/signal.c | 60 +-
kernel/sys.c | 579 ++++++++------
kernel/sysctl.c | 2 +-
kernel/timer.c | 8 +-
kernel/trace/trace.c | 2 +-
kernel/tsacct.c | 6 +-
kernel/uid16.c | 31 +-
kernel/user.c | 37 +-
kernel/user_namespace.c | 14 +-
kernel/workqueue.c | 8 +-
lib/Makefile | 2 +-
lib/is_single_threaded.c | 45 +
mm/mempolicy.c | 9 +-
mm/migrate.c | 9 +-
mm/oom_kill.c | 6 +-
mm/shmem.c | 8 +-
net/9p/client.c | 2 +-
net/ax25/af_ax25.c | 2 +-
net/ax25/ax25_route.c | 2 +-
net/core/dev.c | 8 +-
net/core/scm.c | 10 +-
net/ipv4/netfilter/ipt_LOG.c | 4 +-
net/ipv6/ip6_flowlabel.c | 2 +-
net/ipv6/netfilter/ip6t_LOG.c | 4 +-
net/netfilter/nfnetlink_log.c | 5 +-
net/netfilter/xt_owner.c | 16 +-
net/netrom/af_netrom.c | 4 +-
net/rose/af_rose.c | 4 +-
net/rxrpc/ar-key.c | 6 +-
net/sched/cls_flow.c | 4 +-
net/socket.c | 4 +-
net/sunrpc/auth.c | 14 +-
net/unix/af_unix.c | 11 +-
security/capability.c | 56 +-
security/commoncap.c | 699 ++++++++++------
security/keys/internal.h | 47 +-
security/keys/key.c | 25 +-
security/keys/keyctl.c | 210 +++--
security/keys/keyring.c | 15 +-
security/keys/permission.c | 29 +-
security/keys/proc.c | 8 +-
security/keys/process_keys.c | 469 +++++------
security/keys/request_key.c | 133 ++--
security/keys/request_key_auth.c | 46 +-
security/root_plug.c | 13 +-
security/security.c | 96 +--
security/selinux/exports.c | 8 +-
security/selinux/hooks.c | 1151 ++++++++++++++------------
security/selinux/include/av_perm_to_string.h | 2 +
security/selinux/include/av_permissions.h | 2 +
security/selinux/include/class_to_string.h | 5 +
security/selinux/include/flask.h | 1 +
security/selinux/include/objsec.h | 11 -
security/selinux/selinuxfs.c | 13 +-
security/selinux/xfrm.c | 6 +-
security/smack/smack_access.c | 4 +-
security/smack/smack_lsm.c | 173 +++--
security/smack/smackfs.c | 6 +-
213 files changed, 5062 insertions(+), 3098 deletions(-)
create mode 100644 Documentation/credentials.txt
create mode 100644 include/keys/keyring-type.h
delete mode 100644 include/linux/key-ui.h
create mode 100644 kernel/cred-internals.h
create mode 100644 kernel/cred.c
create mode 100644 lib/is_single_threaded.c
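
The summary above describes the mechanism but the page carries no code for it, so here is an added, user-space C model of copy-on-write task credentials. It is not code from this patch set or from the kernel. The function names (prepare_creds, commit_creds, override_creds, revert_creds) and the real_cred/cred split (the objective versus effective subjective credentials named in the commit titles above) are assumptions about naming that this page does not show; the structures are toy-sized, and the only claims the model makes are the three the summary makes: a cred change is a single pointer swap with no visible intermediate state, a holder such as an open file keeps the old object alive, and an override changes what the task's own permission checks see without changing what userspace sees.

```c
/* Added example: user-space model of COW task credentials. NOT kernel code;
 * the API names and the real_cred/cred split are assumed, the rest is a toy. */
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

struct cred {
    atomic_int usage;           /* refcount; never edited in place once shared */
    unsigned uid, euid, suid;   /* real, effective, saved UID */
    unsigned caps;              /* toy capability bitmask */
};

/* real_cred: objective view (other tasks, /proc). cred: subjective view used
 * for this task's own permission checks. Same object except during an override. */
struct task {
    _Atomic(struct cred *) real_cred;
    _Atomic(struct cred *) cred;
};

struct file { struct cred *f_cred; };   /* an open file pins the creds it was opened with */

static int cred_frees;                   /* freed cred objects, for lifetime checks */

static struct cred *get_cred(struct cred *c) { atomic_fetch_add(&c->usage, 1); return c; }
static void put_cred(struct cred *c) { if (atomic_fetch_sub(&c->usage, 1) == 1) { free(c); cred_frees++; } }

/* Private, mutable copy of the caller's subjective creds. Nobody else can reach
 * it before commit, so edits are never observed half-done. */
static struct cred *prepare_creds(struct task *t) {
    struct cred *n = malloc(sizeof *n);
    if (!n) return NULL;
    *n = *atomic_load(&t->cred);
    atomic_store(&n->usage, 1);
    return n;
}

/* Install the copy as both objective and subjective creds by pointer swap;
 * consumes the caller's reference. The old object dies with its last holder. */
static void commit_creds(struct task *t, struct cred *n) {
    struct cred *old_real = atomic_exchange(&t->real_cred, get_cred(n));
    struct cred *old_sub  = atomic_exchange(&t->cred, n);
    put_cred(old_real);
    put_cred(old_sub);
}

/* Use other creds for this task's own access checks only. real_cred is left
 * alone, so userspace never sees the override. Returns the displaced creds. */
static struct cred *override_creds(struct task *t, struct cred *n) {
    return atomic_exchange(&t->cred, get_cred(n));
}
static void revert_creds(struct task *t, struct cred *old) {
    put_cred(atomic_exchange(&t->cred, old));
}

static unsigned task_uid(struct task *t)     { return atomic_load(&t->real_cred)->uid; } /* objective */
static unsigned current_euid(struct task *t) { return atomic_load(&t->cred)->euid; }     /* subjective */

static void task_init(struct task *t, unsigned uid) {
    struct cred *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->uid = c->euid = c->suid = uid;
    c->caps = uid == 0 ? ~0u : 0;
    atomic_store(&c->usage, 2);               /* one ref per task pointer */
    atomic_store(&t->real_cred, c);
    atomic_store(&t->cred, c);
}
static void task_fini(struct task *t) {
    put_cred(atomic_load(&t->real_cred));
    put_cred(atomic_load(&t->cred));
}

/* Scenario 1: setresuid()-style change from root to 1000 while a file opened as
 * root still references the old creds. Returns 1 if every check holds. */
int scenario_setresuid(void) {
    struct task t; task_init(&t, 0);
    struct file f = { .f_cred = get_cred(atomic_load(&t.cred)) };
    int before = cred_frees;

    struct cred *n = prepare_creds(&t);
    n->uid = n->euid = n->suid = 1000;
    n->caps = 0;
    commit_creds(&t, n);

    int ok = task_uid(&t) == 1000 && current_euid(&t) == 1000
          && f.f_cred->uid == 0          /* the file's creds did not change */
          && cred_frees == before;       /* old object still alive via f_cred */
    put_cred(f.f_cred);                  /* "close" the file: last ref drops, old creds freed */
    ok = ok && cred_frees == before + 1;
    task_fini(&t);
    return ok;
}

/* Scenario 2: a root-owned kernel service (think nfsd) acts as uid 1000 for one
 * operation. Its own checks see 1000; userspace keeps seeing 0. */
int scenario_override(void) {
    struct task t; task_init(&t, 0);
    struct cred *client = prepare_creds(&t);
    client->uid = client->euid = client->suid = 1000;
    client->caps = 0;

    struct cred *saved = override_creds(&t, client);
    unsigned subj = current_euid(&t), obj = task_uid(&t);
    revert_creds(&t, saved);
    unsigned after = current_euid(&t);

    put_cred(client);
    task_fini(&t);
    return subj == 1000 && obj == 0 && after == 0;
}

int main(void) {
    printf("setresuid scenario: %s\n", scenario_setresuid() ? "ok" : "FAIL");
    printf("override scenario:  %s\n", scenario_override() ? "ok" : "FAIL");
    return 0;
}
```

The model deliberately omits the concurrency side: a task reading another task's credentials would need the RCU discipline the "Use RCU to access another task's creds" patch in the list above introduces, which plain atomic pointer loads only approximate here.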
