[PATCH 1/5] Use capabilities as default w/ and w/out CONFIG_SECURITY.

2005-08-24 Thread Chris Wright
If a kernel is compiled with CONFIG_SECURITY to enable LSM, the
default behaviour changes unless the admin loads capability.
This is undesirable. This patch makes capability the default.
capability can still be compiled as a module and loaded as an LSM.
If loaded as primary LSM, it won't change anything. But it may
also be loaded as secondary LSM and stacked on top of another
LSM (if the other LSM allows this or if stacker is used).

Based on original patch from Kurt Garloff <[EMAIL PROTECTED]>.

Signed-off-by: Chris Wright <[EMAIL PROTECTED]>
---
 security/dummy.c |  996 ---
 security/Makefile|9 
 security/commoncap.c |  977 +-
 security/security.c  |   22 -
 4 files changed, 912 insertions(+), 1092 deletions(-)

Index: lsm-hooks-2.6/security/Makefile
===
--- lsm-hooks-2.6.orig/security/Makefile
+++ lsm-hooks-2.6/security/Makefile
@@ -5,15 +5,12 @@
 obj-$(CONFIG_KEYS) += keys/
 subdir-$(CONFIG_SECURITY_SELINUX)  += selinux
 
-# if we don't select a security model, use the default capabilities
-ifneq ($(CONFIG_SECURITY),y)
 obj-y  += commoncap.o
-endif
 
 # Object file lists
-obj-$(CONFIG_SECURITY) += security.o dummy.o
+obj-$(CONFIG_SECURITY) += security.o
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
-obj-$(CONFIG_SECURITY_CAPABILITIES)+= commoncap.o capability.o
-obj-$(CONFIG_SECURITY_ROOTPLUG)+= commoncap.o root_plug.o
+obj-$(CONFIG_SECURITY_CAPABILITIES)+= capability.o
+obj-$(CONFIG_SECURITY_ROOTPLUG)+= root_plug.o
 obj-$(CONFIG_SECURITY_SECLVL)  += seclvl.o
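Review bot: The now-unconditional `obj-y += commoncap.o` is left without any comment once the old "if we don't select a security model" line is deleted, so the Makefile no longer says why commoncap is always built in. A replacement such as `# commoncap is always built in: it supplies the default capability hooks with and without CONFIG_SECURITY` would record the intent. Because the capability.o and root_plug.o lines no longer list commoncap.o themselves, they presumably rely on the cap_* symbols exported from the built-in object when they are built as modules; that dependency deserves a mention in the same comment.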
Index: lsm-hooks-2.6/security/commoncap.c
===
--- lsm-hooks-2.6.orig/security/commoncap.c
+++ lsm-hooks-2.6/security/commoncap.c
@@ -8,7 +8,6 @@
  */
 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -23,38 +22,7 @@
 #include 
 #include 
 #include 
-
-int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
-{
-   NETLINK_CB(skb).eff_cap = current->cap_effective;
-   return 0;
-}
-
-EXPORT_SYMBOL(cap_netlink_send);
-
-int cap_netlink_recv(struct sk_buff *skb)
-{
-   if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
-   return -EPERM;
-   return 0;
-}
-
-EXPORT_SYMBOL(cap_netlink_recv);
-
-int cap_capable (struct task_struct *tsk, int cap)
-{
-   /* Derived from include/linux/sched.h:capable. */
-   if (cap_raised(tsk->cap_effective, cap))
-   return 0;
-   return -EPERM;
-}
-
-int cap_settime(struct timespec *ts, struct timezone *tz)
-{
-   if (!capable(CAP_SYS_TIME))
-   return -EPERM;
-   return 0;
-}
+#include 
 
 int cap_ptrace (struct task_struct *parent, struct task_struct *child)
 {
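Review bot: The removal of cap_netlink_recv at the top of this hunk takes out the CAP_NET_ADMIN check on received netlink messages, and the part of the patch visible on this page does not show where it is added back. The diffstat suggests the functions are being reordered within commoncap.c rather than dropped, but cap_netlink_send, cap_netlink_recv and cap_settime all disappear from this position, so the re-added copies should be compared line by line with the removed ones, including `EXPORT_SYMBOL(cap_netlink_send);` and `EXPORT_SYMBOL(cap_netlink_recv);`. Doing the pure code motion in a separate patch would leave the behavioural change (folding the dummy.c defaults into commoncap.c) reviewable on its own.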
@@ -64,6 +32,7 @@ int cap_ptrace (struct task_struct *pare
return -EPERM;
return 0;
 }
+EXPORT_SYMBOL(cap_ptrace);
 
 int cap_capget (struct task_struct *target, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -74,6 +43,7 @@ int cap_capget (struct task_struct *targ
*permitted = cap_t (target->cap_permitted);
return 0;
 }
+EXPORT_SYMBOL(cap_capget);
 
 int cap_capset_check (struct task_struct *target, kernel_cap_t *effective,
  kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -100,6 +70,7 @@ int cap_capset_check (struct task_struct
 
return 0;
 }
+EXPORT_SYMBOL(cap_capset_check);
 
 void cap_capset_set (struct task_struct *target, kernel_cap_t *effective,
 kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -108,34 +79,42 @@ void cap_capset_set (struct task_struct 
target->cap_inheritable = *inheritable;
target->cap_permitted = *permitted;
 }
+EXPORT_SYMBOL(cap_capset_set);
 
-int cap_bprm_set_security (struct linux_binprm *bprm)
+int cap_capable (struct task_struct *tsk, int cap)
 {
-   /* Copied from fs/exec.c:prepare_binprm. */
-
-   /* We don't have VFS support for capabilities yet */
-   cap_clear (bprm->cap_inheritable);
-   cap_clear (bprm->cap_permitted);
-   cap_clear (bprm->cap_effective);
+   /* Derived from include/linux/sched.h:capable. */
+   if (cap_raised(tsk->cap_effective, cap))
+   return 0;
+   return -EPERM;
+}
+EXPORT_SYMBOL(cap_capable);
 
-   /*  To support inheritance of root-permissions and suid-root
-*  executables under compatibility mode, we raise all three
-*  capability sets for the file.
-*
-*  If only the real uid is 0, we only raise the inheritable
-*  and permitted sets of the executable file.
-*/
+int cap_syslog (int type)
+{
+   if ((type != 3 && type != 10) && 

[PATCH 1/5] Use capabilities as default w/ and w/out CONFIG_SECURITY.

2005-08-24 Thread Chris Wright
If a kernel is compiled with CONFIG_SECURITY to enable LSM, the
default behaviour changes unless the admin loads capability.
This is undesirable. This patch makes capability the default.
capability can still be compiled as a module and loaded as an LSM.
If loaded as primary LSM, it won't change anything. But it may
also be loaded as secondary LSM and stacked on top of another
LSM (if the other LSM allows this or if stacker is used).

Based on original patch from Kurt Garloff [EMAIL PROTECTED].

Signed-off-by: Chris Wright [EMAIL PROTECTED]
---
 security/dummy.c |  996 ---
 security/Makefile|9 
 security/commoncap.c |  977 +-
 security/security.c  |   22 -
 4 files changed, 912 insertions(+), 1092 deletions(-)

Index: lsm-hooks-2.6/security/Makefile
===
--- lsm-hooks-2.6.orig/security/Makefile
+++ lsm-hooks-2.6/security/Makefile
@@ -5,15 +5,12 @@
 obj-$(CONFIG_KEYS) += keys/
 subdir-$(CONFIG_SECURITY_SELINUX)  += selinux
 
-# if we don't select a security model, use the default capabilities
-ifneq ($(CONFIG_SECURITY),y)
 obj-y  += commoncap.o
-endif
 
 # Object file lists
-obj-$(CONFIG_SECURITY) += security.o dummy.o
+obj-$(CONFIG_SECURITY) += security.o
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
-obj-$(CONFIG_SECURITY_CAPABILITIES)+= commoncap.o capability.o
-obj-$(CONFIG_SECURITY_ROOTPLUG)+= commoncap.o root_plug.o
+obj-$(CONFIG_SECURITY_CAPABILITIES)+= capability.o
+obj-$(CONFIG_SECURITY_ROOTPLUG)+= root_plug.o
 obj-$(CONFIG_SECURITY_SECLVL)  += seclvl.o
Index: lsm-hooks-2.6/security/commoncap.c
===
--- lsm-hooks-2.6.orig/security/commoncap.c
+++ lsm-hooks-2.6/security/commoncap.c
@@ -8,7 +8,6 @@
  */
 
 #include linux/config.h
-#include linux/module.h
 #include linux/init.h
 #include linux/kernel.h
 #include linux/security.h
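Review bot: Dropping the linux/module.h include in this hunk conflicts with the later hunks of the same file, which add `EXPORT_SYMBOL(cap_ptrace);`, `EXPORT_SYMBOL(cap_capget);` and further exports, because EXPORT_SYMBOL is provided by that header. The file presumably still builds through an indirect include, but a file that exports symbols should include the header itself, so `#include <linux/module.h>` should stay. The same hunk appears earlier on the page with the header names stripped by the archive.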
@@ -23,38 +22,7 @@
 #include linux/ptrace.h
 #include linux/xattr.h
 #include linux/hugetlb.h
-
-int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
-{
-   NETLINK_CB(skb).eff_cap = current-cap_effective;
-   return 0;
-}
-
-EXPORT_SYMBOL(cap_netlink_send);
-
-int cap_netlink_recv(struct sk_buff *skb)
-{
-   if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
-   return -EPERM;
-   return 0;
-}
-
-EXPORT_SYMBOL(cap_netlink_recv);
-
-int cap_capable (struct task_struct *tsk, int cap)
-{
-   /* Derived from include/linux/sched.h:capable. */
-   if (cap_raised(tsk-cap_effective, cap))
-   return 0;
-   return -EPERM;
-}
-
-int cap_settime(struct timespec *ts, struct timezone *tz)
-{
-   if (!capable(CAP_SYS_TIME))
-   return -EPERM;
-   return 0;
-}
+#include linux/sysctl.h
 
 int cap_ptrace (struct task_struct *parent, struct task_struct *child)
 {
@@ -64,6 +32,7 @@ int cap_ptrace (struct task_struct *pare
return -EPERM;
return 0;
 }
+EXPORT_SYMBOL(cap_ptrace);
 
 int cap_capget (struct task_struct *target, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -74,6 +43,7 @@ int cap_capget (struct task_struct *targ
*permitted = cap_t (target-cap_permitted);
return 0;
 }
+EXPORT_SYMBOL(cap_capget);
 
 int cap_capset_check (struct task_struct *target, kernel_cap_t *effective,
  kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -100,6 +70,7 @@ int cap_capset_check (struct task_struct
 
return 0;
 }
+EXPORT_SYMBOL(cap_capset_check);
 
 void cap_capset_set (struct task_struct *target, kernel_cap_t *effective,
 kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -108,34 +79,42 @@ void cap_capset_set (struct task_struct 
target-cap_inheritable = *inheritable;
target-cap_permitted = *permitted;
 }
+EXPORT_SYMBOL(cap_capset_set);
 
-int cap_bprm_set_security (struct linux_binprm *bprm)
+int cap_capable (struct task_struct *tsk, int cap)
 {
-   /* Copied from fs/exec.c:prepare_binprm. */
-
-   /* We don't have VFS support for capabilities yet */
-   cap_clear (bprm-cap_inheritable);
-   cap_clear (bprm-cap_permitted);
-   cap_clear (bprm-cap_effective);
+   /* Derived from include/linux/sched.h:capable. */
+   if (cap_raised(tsk-cap_effective, cap))
+   return 0;
+   return -EPERM;
+}
+EXPORT_SYMBOL(cap_capable);
 
-   /*  To support inheritance of root-permissions and suid-root
-*  executables under compatibility mode, we raise all three
-*  capability sets for the file.
-*
-*  If only the real uid is 0, we only raise the inheritable
-*  and permitted sets of