Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
Quoting Richard Guy Briggs (r...@redhat.com): > On 2017-08-25 15:58, James Morris wrote: > > On Wed, 23 Aug 2017, Richard Guy Briggs wrote: > > > > > Introduce inline root_privileged() to make use of SECURE_NONROOT > > > easier to read. > > > > > > Suggested-by: Serge Hallyn > > > Signed-off-by: Richard Guy Briggs > > > --- > > > security/commoncap.c |9 + > > > 1 files changed, 5 insertions(+), 4 deletions(-) > > > > Acked-by: James Morris > > Does anyone have the appetite to move this helper function to > include/linux/securebits.h along with issecure() to make it more widely > available? If it's going to have wider scope, then it probably needs to be renamed to be unambiguous in any context. root_implies_privilege or uid0_is_privileged maybe? Maybe root_privileged() is ok... -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
On 2017-08-25 15:58, James Morris wrote: > On Wed, 23 Aug 2017, Richard Guy Briggs wrote: > > > Introduce inline root_privileged() to make use of SECURE_NONROOT > > easier to read. > > > > Suggested-by: Serge Hallyn > > Signed-off-by: Richard Guy Briggs > > --- > > security/commoncap.c |9 + > > 1 files changed, 5 insertions(+), 4 deletions(-) > > Acked-by: James Morris Does anyone have the appetite to move this helper function to include/linux/securebits.h along with issecure() to make it more widely available? > James Morris - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
Quoting Richard Guy Briggs (r...@redhat.com): > Introduce inline root_privileged() to make use of SECURE_NONROOT > easier to read. > > Suggested-by: Serge Hallyn Reviewed-by: Serge Hallyn > Signed-off-by: Richard Guy Briggs > --- > security/commoncap.c |9 + > 1 files changed, 5 insertions(+), 4 deletions(-) > > diff --git a/security/commoncap.c b/security/commoncap.c > index 028d4e4..36c38a1 100644 > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -481,13 +481,13 @@ static int get_file_caps(struct linux_binprm *bprm, > bool *effective, bool *has_f > return rc; > } > > +static inline bool root_privileged(void) { return !issecure(SECURE_NOROOT); } > + > void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool > *effective, kuid_t root_uid) > { > const struct cred *old = current_cred(); > struct cred *new = bprm->cred; > > - if (issecure(SECURE_NOROOT)) > - return; > /* >* If the legacy file capability is set, then don't set privs >* for a setuid root binary run by a non-root user. Do set it > @@ -544,7 +544,8 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) > > root_uid = make_kuid(new->user_ns, 0); > > - handle_privileged_root(bprm, has_fcap, &effective, root_uid); > + if (root_privileged()) > + handle_privileged_root(bprm, has_fcap, &effective, root_uid); > > /* if we have fs caps, clear dangerous personality flags */ > if (cap_gained(permitted, new, old)) > @@ -612,7 +613,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) > if (cap_grew(effective, ambient, new)) { > if (!cap_full(effective, new) || > !uid_eq(new->euid, root_uid) || !uid_eq(new->uid, root_uid) > || > - issecure(SECURE_NOROOT)) { > + !root_privileged()) { > ret = audit_log_bprm_fcaps(bprm, new, old); > if (ret < 0) > return ret; > -- > 1.7.1 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
On Wed, 23 Aug 2017, Richard Guy Briggs wrote: > Introduce inline root_privileged() to make use of SECURE_NONROOT > easier to read. > > Suggested-by: Serge Hallyn > Signed-off-by: Richard Guy Briggs > --- > security/commoncap.c |9 + > 1 files changed, 5 insertions(+), 4 deletions(-) Acked-by: James Morris -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
[PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic
Introduce inline root_privileged() to make use of SECURE_NONROOT easier to read. Suggested-by: Serge Hallyn Signed-off-by: Richard Guy Briggs --- security/commoncap.c |9 + 1 files changed, 5 insertions(+), 4 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 028d4e4..36c38a1 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -481,13 +481,13 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_f return rc; } +static inline bool root_privileged(void) { return !issecure(SECURE_NOROOT); } + void handle_privileged_root(struct linux_binprm *bprm, bool has_fcap, bool *effective, kuid_t root_uid) { const struct cred *old = current_cred(); struct cred *new = bprm->cred; - if (issecure(SECURE_NOROOT)) - return; /* * If the legacy file capability is set, then don't set privs * for a setuid root binary run by a non-root user. Do set it @@ -544,7 +544,8 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) root_uid = make_kuid(new->user_ns, 0); - handle_privileged_root(bprm, has_fcap, &effective, root_uid); + if (root_privileged()) + handle_privileged_root(bprm, has_fcap, &effective, root_uid); /* if we have fs caps, clear dangerous personality flags */ if (cap_gained(permitted, new, old)) @@ -612,7 +613,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) if (cap_grew(effective, ambient, new)) { if (!cap_full(effective, new) || !uid_eq(new->euid, root_uid) || !uid_eq(new->uid, root_uid) || - issecure(SECURE_NOROOT)) { + !root_privileged()) { ret = audit_log_bprm_fcaps(bprm, new, old); if (ret < 0) return ret; -- 1.7.1 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit