[PATCH RFC] capabilities: remove STRICT_CAP_T_TYPECHECKS

2007-10-19 Thread Serge E. Hallyn
Quoting Serge E. Hallyn ([EMAIL PROTECTED]):
 From cd7c384f76d2c0f6b12a1c0936d54ae9c5e7cb4c Mon Sep 17 00:00:00 2001
 From: Serge E. Hallyn [EMAIL PROTECTED]
 Date: Fri, 19 Oct 2007 15:39:10 -0400
 Subject: [PATCH RFC] capabilities: fix compilation with strict type checking 
 (v2)
 
 Since at least 1998 the code under the STRICT_CAP_T_TYPECHECKS option has
 not been used.  (See
 http://www.uwsg.iu.edu/hypermail/linux/kernel/9810.2/0705.html)
 
 There are two options - we can remove this option altogether
 or, as this patch attempts to do, fix compilation with
 STRICT_CAP_T_TYPECHECKS so it can be enabled.

Here is the second alternative, simply removing the
STRICT_CAP_T_TYPECHECKS option.

thanks,
-serge

From 141626df6eaba12f5566f6bce7e72c1c3e627364 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn [EMAIL PROTECTED]
Date: Wed, 17 Oct 2007 10:00:49 -0400
Subject: [PATCH 1/1] capabilities: remove STRICT_CAP_T_TYPECHECKS

It appears STRICT_CAP_T_TYPECHECKS was introduced in 1998 - and
always undefined since then - because the STRICT_CAP_T_TYPECHECKS
behavior is broken.  (See 
http://www.uwsg.iu.edu/hypermail/linux/kernel/9810.2/0705.html)

Remove this code to simplify the capabilities code.

Signed-off-by: Serge E. Hallyn [EMAIL PROTECTED]
---
 include/linux/capability.h |   21 -
 1 files changed, 0 insertions(+), 21 deletions(-)

diff --git a/include/linux/capability.h b/include/linux/capability.h
index 7a8d7ad..8f7c7ed 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -64,20 +64,8 @@ struct vfs_cap_data {
 
 #ifdef __KERNEL__
 
-/* #define STRICT_CAP_T_TYPECHECKS */
-
-#ifdef STRICT_CAP_T_TYPECHECKS
-
-typedef struct kernel_cap_struct {
-   __u32 cap;
-} kernel_cap_t;
-
-#else
-
 typedef __u32 kernel_cap_t;
 
-#endif
-
 #define _USER_CAP_HEADER_SIZE  (2*sizeof(__u32))
 #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
 
@@ -315,18 +303,9 @@ typedef __u32 kernel_cap_t;
  * Internal kernel functions only
  */
 
-#ifdef STRICT_CAP_T_TYPECHECKS
-
-#define to_cap_t(x) { x }
-#define cap_t(x) (x).cap
-
-#else
-
 #define to_cap_t(x) (x)
 #define cap_t(x) (x)
 
-#endif
-
 #define CAP_EMPTY_SET   to_cap_t(0)
 #define CAP_FULL_SETto_cap_t(~0)
 #define CAP_INIT_EFF_SETto_cap_t(~0  ~CAP_TO_MASK(CAP_SETPCAP))
-- 
1.5.1.1.GIT



[PATCH RFC] capabilities: fix compilation with strict type checking

2007-10-19 Thread Serge E. Hallyn
From cd7c384f76d2c0f6b12a1c0936d54ae9c5e7cb4c Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn [EMAIL PROTECTED]
Date: Fri, 19 Oct 2007 15:39:10 -0400
Subject: [PATCH RFC] capabilities: fix compilation with strict type checking 
(v2)

Since at least 1998 the code under the STRICT_CAP_T_TYPECHECKS option has
not been used.  (See
http://www.uwsg.iu.edu/hypermail/linux/kernel/9810.2/0705.html)

There are two options - we can remove this option altogether
or, as this patch attempts to do, fix compilation with
STRICT_CAP_T_TYPECHECKS so it can be enabled.

This patch replaces the always-undefined STRICT_CAP_T_TYPECHECKS
with a Kconfig variable (CONFIG_CAP_STRICT_TYPECHECKS), and
hopefully fixes all the places in the code which broke with
that option set.  This compiles with capabilities, selinux,
and dummy modules.  It passes ltp with capabilities and file
capabilities.

However this patch is only for comment.  Much more testing and
proofreading is needed before considering applying.  I will
also be sending out the alternative patch which simply removes
the strict typechecking.

Signed-off-by: Serge E. Hallyn [EMAIL PROTECTED]
---
 fs/nfsd/auth.c |2 +-
 include/linux/capability.h |   45 +++
 kernel/capability.c|   12 ++-
 security/Kconfig   |   12 +++
 security/commoncap.c   |   22 +++-
 security/dummy.c   |   13 +++
 6 files changed, 64 insertions(+), 42 deletions(-)

diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 2192805..43b3340 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -72,7 +72,7 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export 
*exp)
cap_t(current-cap_effective) = ~CAP_NFSD_MASK;
} else {
cap_t(current-cap_effective) |= (CAP_NFSD_MASK 
- current-cap_permitted);
+ cap_t(current-cap_permitted));
}
return ret;
 }
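Review bot: The new line unwraps `cap_permitted` with `cap_t()` and ORs the raw `CAP_NFSD_MASK` bits into the unwrapped `cap_effective`, so a CONFIG_CAP_STRICT_TYPECHECKS build no longer has anything to check at this site; that is acceptable only because `CAP_NFSD_MASK` appears to be a plain `__u32` mask rather than a kernel_cap_t. A one-line comment above the `else` branch, `/* CAP_NFSD_MASK is a raw __u32 mask; both operands are unwrapped via cap_t() */`, would record why the accessor is used on both sides. nfsd_setuser starts before this hunk, and `ret` is assigned outside the visible lines.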
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 7a8d7ad..f752bed 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -62,28 +62,6 @@ struct vfs_cap_data {
} data[1];
 };
 
-#ifdef __KERNEL__
-
-/* #define STRICT_CAP_T_TYPECHECKS */
-
-#ifdef STRICT_CAP_T_TYPECHECKS
-
-typedef struct kernel_cap_struct {
-   __u32 cap;
-} kernel_cap_t;
-
-#else
-
-typedef __u32 kernel_cap_t;
-
-#endif
-
-#define _USER_CAP_HEADER_SIZE  (2*sizeof(__u32))
-#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
-
-#endif
-
-
 /**
  ** POSIX-draft defined capabilities.
  **/
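Review bot: The `#ifdef __KERNEL__` guard that wrapped the kernel_cap_t typedef and the `_USER_CAP_HEADER_SIZE`/`_KERNEL_CAP_T_SIZE` definitions is dropped here, and the replacements added in the second capability.h hunk (the `CONFIG_CAP_STRICT_TYPECHECKS` block) are not visibly inside a `__KERNEL__` block in this diff. capability.h is also installed as a userspace header, so the moved typedef and the `CONFIG_` test must still end up under `__KERNEL__`; if the "Internal kernel functions only" section is already guarded above the hunk, a comment at the new location, `/* kernel_cap_t representation -- __KERNEL__ only */`, would make that dependency visible to the next person who moves it.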
@@ -315,15 +293,27 @@ typedef __u32 kernel_cap_t;
  * Internal kernel functions only
  */
 
-#ifdef STRICT_CAP_T_TYPECHECKS
+#define _USER_CAP_HEADER_SIZE  (2*sizeof(__u32))
+#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
+#define CAP_TO_MASK(x) (1  (x))
+
+#ifdef CONFIG_CAP_STRICT_TYPECHECKS
 
-#define to_cap_t(x) { x }
+typedef struct kernel_cap_struct {
+   __u32 cap;
+} kernel_cap_t;
+
+#define to_cap_t(x) { .cap = x, }
 #define cap_t(x) (x).cap
+#define cap_assign(x, v) { x.cap = v; }
 
 #else
 
+typedef __u32 kernel_cap_t;
+
 #define to_cap_t(x) (x)
 #define cap_t(x) (x)
+#define cap_assign(cap, v) { cap = v; }
 
 #endif
 
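Review bot: `#define to_cap_t(x) { .cap = x, }` in the CONFIG_CAP_STRICT_TYPECHECKS branch expands to a brace initializer, which is only legal where an initializer is allowed, so `CAP_EMPTY_SET` and the other `to_cap_t()`-based constants cannot be used in assignments or as function arguments in strict mode; that is presumably why the patch has to add the `cap_*_set` globals. A compound literal, `#define to_cap_t(x) ((kernel_cap_t){ .cap = (x) })`, is an expression in both modes and would remove the need for those variables. `cap_assign(x, v) { x.cap = v; }` and its non-strict twin are bare blocks with unparenthesized arguments and differently named parameters; write both as `#define cap_assign(c, v) do { (c).cap = (v); } while (0)` (and `do { (c) = (v); } while (0)`) so they are safe after an unbraced `if` and with expression arguments. `#define cap_t(x) (x).cap` should likewise be parenthesized as `((x).cap)`.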
@@ -332,7 +322,12 @@ typedef __u32 kernel_cap_t;
 #define CAP_INIT_EFF_SETto_cap_t(~0  ~CAP_TO_MASK(CAP_SETPCAP))
 #define CAP_INIT_INH_SETto_cap_t(0)
 
-#define CAP_TO_MASK(x) (1  (x))
+extern kernel_cap_t cap_empty_set;
+extern kernel_cap_t cap_full_set;
+extern kernel_cap_t cap_init_eff_set;
+extern kernel_cap_t cap_init_inh_set;
+extern kernel_cap_t cap_fs_mask_set;
+
 #define cap_raise(c, flag)   (cap_t(c) |=  CAP_TO_MASK(flag))
 #define cap_lower(c, flag)   (cap_t(c) = ~CAP_TO_MASK(flag))
 #define cap_raised(c, flag)  (cap_t(c)  CAP_TO_MASK(flag))
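Review bot: The five new `extern kernel_cap_t cap_*_set` declarations, together with their definitions in the first kernel/capability.c hunk (`kernel_cap_t cap_empty_set = CAP_EMPTY_SET;` and the four lines after it), are writable globals standing in for compile-time constants; any code that takes one by non-const pointer or assigns through it silently changes the capability set every later caller starts from. Declare and define them `const` (`extern const kernel_cap_t cap_empty_set;` / `const kernel_cap_t cap_empty_set = CAP_EMPTY_SET;`) so the compiler rejects writes and the linker places them in read-only data. If any user of these symbols can be built as a module, the definitions also need an `EXPORT_SYMBOL`; that cannot be confirmed from this diff. `cap_fs_mask_set = to_cap_t(CAP_FS_MASK)` is also the only definition not using a `CAP_*_SET` macro; a matching `CAP_FS_MASK_SET` would keep the five consistent.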
diff --git a/kernel/capability.c b/kernel/capability.c
index 4a881b8..7094ad9 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -15,6 +15,12 @@
 #include linux/pid_namespace.h
 #include asm/uaccess.h
 
+kernel_cap_t cap_empty_set = CAP_EMPTY_SET;
+kernel_cap_t cap_full_set  = CAP_FULL_SET;
+kernel_cap_t cap_init_eff_set  = CAP_INIT_EFF_SET;
+kernel_cap_t cap_init_inh_set  = CAP_INIT_INH_SET;
+kernel_cap_t cap_fs_mask_set   = to_cap_t(CAP_FS_MASK);
+
 /*
  * This lock protects task-cap_* for all tasks including current.
  * Locking rule: acquire this prior to tasklist_lock.
@@ -43,6 +49,7 @@ asmlinkage long sys_capget(cap_user_header_t header, 
cap_user_data_t dataptr)
__u32 version;
struct task_struct *target;
struct __user_cap_data_struct data;
+   kernel_cap_t pE, pP, pI;
 
if (get_user(version, header-version))
return -EFAULT;
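Review bot: `kernel_cap_t pE, pP, pI;` are added without initializers, and the code that fills them (the security_capget call in the next hunk, which is cut off in this diff) is not visible here; sys_capget continues well beyond this hunk. Make sure their values are copied into `data` only on the success path, or initialize them up front, `kernel_cap_t pE = CAP_EMPTY_SET, pP = CAP_EMPTY_SET, pI = CAP_EMPTY_SET;`, so that a failing security_capget cannot leave uninitialized stack bytes in the struct that later reaches userspace. The mixed-case names also depart from the lowercase convention of the surrounding locals, although they mirror the POSIX pE/pP/pI notation.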
@@ -71,7 +78,10 @@ asmlinkage long sys_capget(cap_user_header_t header, 
cap_user_data_t dataptr)
} else
target = current;
 
-   ret = security_capget(target, data.effective, 

Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory Access Control Kernel

2007-10-19 Thread Ahmed S. Darwish
On 10/18/07, Al Viro [EMAIL PROTECTED] wrote:
 On Thu, Oct 18, 2007 at 05:57:05AM +0100, Al Viro wrote:
  On Tue, Oct 16, 2007 at 09:17:40PM -0700, Casey Schaufler wrote:

  Think what happens if CPU1 adds to list and CPU2 sees write to smk_known
  *before* it sees write to -smk_next.  We see a single-element list and
  we'll be lucky if that single entry won't be FUBAR.

 While we are at it, what protects smack_cipso_count?
 -

My fault. I sent to Casey a one-liner patch to make smack_cipso_count++
be protected by the smk_cipsolock spinlock.

We don't need a lock on the read side since we don't do a write operation
that depends on that read, right?

-- 
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com