Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
Quoting Richard Guy Briggs (r...@redhat.com): > On 2017-08-25 15:58, James Morris wrote: > > On Wed, 23 Aug 2017, Richard Guy Briggs wrote: > > > > > Introduce inline root_privileged() to make use of SECURE_NONROOT > > > easier to read. > > > > > > Suggested-by: Serge Hallyn > > > Signed-off-by: Richard Guy Briggs > > > --- > > > security/commoncap.c |9 + > > > 1 files changed, 5 insertions(+), 4 deletions(-) > > > > Acked-by: James Morris > > Does anyone have the appetite to move this helper function to > include/linux/securebits.h along with issecure() to make it more widely > available? If it's going to have wider scope, then it probably needs to be renamed to be unambiguous in any context. root_implies_privilege or uid0_is_privileged maybe? Maybe root_privileged() is ok... -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
On 2017-08-25 15:58, James Morris wrote: > On Wed, 23 Aug 2017, Richard Guy Briggs wrote: > > > Introduce inline root_privileged() to make use of SECURE_NONROOT > > easier to read. > > > > Suggested-by: Serge Hallyn > > Signed-off-by: Richard Guy Briggs > > --- > > security/commoncap.c |9 + > > 1 files changed, 5 insertions(+), 4 deletions(-) > > Acked-by: James Morris Does anyone have the appetite to move this helper function to include/linux/securebits.h along with issecure() to make it more widely available? > James Morris - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
Quoting Richard Guy Briggs (r...@redhat.com):
> Introduce inline root_privileged() to make use of SECURE_NONROOT
> easier to read.
>
> Suggested-by: Serge Hallyn
Reviewed-by: Serge Hallyn
> Signed-off-by: Richard Guy Briggs
> ---
> security/commoncap.c |9 +
> 1 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/security/commoncap.c b/security/commoncap.c
> index 028d4e4..36c38a1 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -481,13 +481,13 @@ static int get_file_caps(struct linux_binprm *bprm,
> bool *effective, bool *has_f
> return rc;
> }
>
> +static inline bool root_privileged(void) { return !issecure(SECURE_NOROOT); }
> +
> void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool
> *effective, kuid_t root_uid)
> {
> const struct cred *old = current_cred();
> struct cred *new = bprm->cred;
>
> - if (issecure(SECURE_NOROOT))
> - return;
> /*
>* If the legacy file capability is set, then don't set privs
>* for a setuid root binary run by a non-root user. Do set it
> @@ -544,7 +544,8 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
>
> root_uid = make_kuid(new->user_ns, 0);
>
> - handle_privileged_root(bprm, has_fcap, &effective, root_uid);
> + if (root_privileged())
> + handle_privileged_root(bprm, has_fcap, &effective, root_uid);
>
> /* if we have fs caps, clear dangerous personality flags */
> if (cap_gained(permitted, new, old))
> @@ -612,7 +613,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> if (cap_grew(effective, ambient, new)) {
> if (!cap_full(effective, new) ||
> !uid_eq(new->euid, root_uid) || !uid_eq(new->uid, root_uid)
> ||
> - issecure(SECURE_NOROOT)) {
> + !root_privileged()) {
> ret = audit_log_bprm_fcaps(bprm, new, old);
> if (ret < 0)
> return ret;
> --
> 1.7.1
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
On Wed, 23 Aug 2017, Richard Guy Briggs wrote: > Introduce inline root_privileged() to make use of SECURE_NONROOT > easier to read. > > Suggested-by: Serge Hallyn > Signed-off-by: Richard Guy Briggs > --- > security/commoncap.c |9 + > 1 files changed, 5 insertions(+), 4 deletions(-) Acked-by: James Morris -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
[PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
Introduce inline root_privileged() to make use of SECURE_NONROOT
easier to read.
Suggested-by: Serge Hallyn
Signed-off-by: Richard Guy Briggs
---
security/commoncap.c |9 +
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/security/commoncap.c b/security/commoncap.c
index 028d4e4..36c38a1 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -481,13 +481,13 @@ static int get_file_caps(struct linux_binprm *bprm, bool
*effective, bool *has_f
return rc;
}
+static inline bool root_privileged(void) { return !issecure(SECURE_NOROOT); }
+
void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool
*effective, kuid_t root_uid)
{
const struct cred *old = current_cred();
struct cred *new = bprm->cred;
- if (issecure(SECURE_NOROOT))
- return;
/*
* If the legacy file capability is set, then don't set privs
* for a setuid root binary run by a non-root user. Do set it
@@ -544,7 +544,8 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
root_uid = make_kuid(new->user_ns, 0);
- handle_privileged_root(bprm, has_fcap, &effective, root_uid);
+ if (root_privileged())
+ handle_privileged_root(bprm, has_fcap, &effective, root_uid);
/* if we have fs caps, clear dangerous personality flags */
if (cap_gained(permitted, new, old))
@@ -612,7 +613,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
if (cap_grew(effective, ambient, new)) {
if (!cap_full(effective, new) ||
!uid_eq(new->euid, root_uid) || !uid_eq(new->uid, root_uid)
||
- issecure(SECURE_NOROOT)) {
+ !root_privileged()) {
ret = audit_log_bprm_fcaps(bprm, new, old);
if (ret < 0)
return ret;
--
1.7.1
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
