subject:"LSM hook addition\?"

Re: LSM hook addition?

2005-01-24 Thread Valdis . Kletnieks

On Mon, 24 Jan 2005 00:58:08 EST, John Richard Moser said:

> I believe this would be sufficient to finish an LSM module to implement
> linking restrictions from GrSecurity.  I did Symlinks in an LSM module,
> but haven't tested it out; it's purely academic. 
> The hook here would be used (in my academic exploration) to prevent hard
> links from being created to files you don't own, unless you're root.

You don't need a hook there to do that.  The inode_link hook should be 
sufficient,
using code something like this:

+int vtkit_link (struct dentry *old_entry, struct inode *dir, struct dentry 
*new_entry)
+{
+   struct inode *i_target = old_entry->d_inode;
+   struct inode *i_new = new_entry->d_inode;
+   int perm_check = 0;
+
+   /* We check as follows - if the target of the link isn't owned by us,
+* and we're not a privileged user, then we complain if any of the
+* following are true:
+* 1) It's not a special file
+* 2) the target is set-uid or set-gid
+* 3) user doesn't have permission to the target
+*
+* Yes, a "current->uid" check is pig-headed and wrong in the context 
of a
+* system that uses priv separation...
+*/
+   perm_check = generic_permission(i_target, MAY_READ | MAY_WRITE, NULL);
+   if (security_safe_hardlink && (current->fsuid != i_target->i_uid) &&
+   !capable(CAP_FOWNER) && current->uid &&
+   (!S_ISREG(i_target->i_mode) || (i_target->i_mode & S_ISUID) ||
+   ((i_target->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | 
S_IXGRP)) ||
+   perm_check)) {
+   printk(KERN_NOTICE "vtkit - rejecting hard link (target 
UID %d) by PID %d (uid=%d, comm=%s)\n",
+   i_target->i_uid, current->pid, current->uid, 
current->comm);
+   return (perm_check ? perm_check:-EPERM);
+   }
+   return 0;
+}

If I'm missing something here, please let me know... ;)



pgpfildz233W5.pgp
Description: PGP signature

Re: LSM hook addition?

2005-01-23 Thread Chris Wright

* John Richard Moser ([EMAIL PROTECTED]) wrote:
> Can someone point me to documentation or give me a small patch to add an
> LSM hook to kernel 2.6.10 in fs/namei.c at line 1986:
> 
> new_dentry = lookup_create(&nd, 0);
> error = PTR_ERR(new_dentry);
> if (!IS_ERR(new_dentry)) {
> error = security_inode_make_hardlink(old_nd); // ADD
> error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
> new_dentry);

It's already there.  Look at the code in vfs_link.  The security_inode_link
hook is documented in include/linux/security.h.  And the restrictive policy
you're referring to is already codified in the owlsm module.  See the
do_owlsm_link() function here (code's a bit old, but basic idea is still
relevant):

http://lsm.bkbits.net:8080/lsm-2.6/anno/security/[EMAIL 
PROTECTED]|src/|src/security

thanks,
-chris
-- 
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

LSM hook addition?

2005-01-23 Thread John Richard Moser

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Can someone point me to documentation or give me a small patch to add an
LSM hook to kernel 2.6.10 in fs/namei.c at line 1986:

new_dentry = lookup_create(&nd, 0);
error = PTR_ERR(new_dentry);
if (!IS_ERR(new_dentry)) {
error = security_inode_make_hardlink(old_nd); // ADD
error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
new_dentry);

I believe this would be sufficient to finish an LSM module to implement
linking restrictions from GrSecurity.  I did Symlinks in an LSM module,
but haven't tested it out; it's purely academic.  I guess adding an LSM
hook would be an interesting academic experience; I'd enjoy examining a
patch that adds this hook, and then trying to add another hook myself.

The hook here would be used (in my academic exploration) to prevent hard
links from being created to files you don't own, unless you're root.

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB9I5vhDd4aOud5P8RAmNNAJ44riGGJ6CP1sCC/CHfIJiD0u6augCeNFEI
PjjmHxipSD2wRyv4z+JElig=
=VDIo
-END PGP SIGNATURE-
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: LSM hook addition?

Re: LSM hook addition?

LSM hook addition?

3 matches

Site Navigation

Mail list logo

Footer information