Em Seg 25 Mai 2009, às 18:54:20, Tetsuo Handa escreveu:
> Hello.
>
> Herton Ronaldo Krzesinski wrote:
> > Make sure we call cap_bprm_set_creds with tomoyo, to set credentials
> > properly inside tomoyo_bprm_set_creds
> >
> > Signed-off-by: Herton Ronaldo Krzesinski <[email protected]>
> > ---
> > security/tomoyo/tomoyo.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > Hi, I noted that in a boot with 2.6.30-rc7 with tomoyo enabled, testing on a
> > system without ccs-tools installed (thus tomoyo enabled but not used*), some
> > suid executables were not being working (for example, su - was not working
> > anymore with tomoyo enabled); I traced it to tomoyo not calling
> > cap_bprm_set_creds, please review and send as 2.6.30 bugfix, thanks.
> >
> > *didn't test yet if with ccs-tools installed the bug doesn't happen, thus my
> > note
> Oh, I didn't know TOMOYO needs to call cap_bprm_set_creds().
>
> >
> > diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
> > index 5b48191..e42be5c 100644
> > --- a/security/tomoyo/tomoyo.c
> > +++ b/security/tomoyo/tomoyo.c
> > @@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const
> > struct cred *old,
> >
> > static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
> > {
> > + int rc;
> > +
> > + rc = cap_bprm_set_creds(bprm);
> > + if (rc)
> > + return rc;
> > +
> > /*
> > * Do only if this function is called for the first time of an execve
> > * operation.
> >
>
> SMACK is calling below capability hooks.
> Maybe TOMOYO needs to call below capability hooks as well.
No need to tomoyo to initialize these hooks, unitialized members of
tomoyo_security_ops are set to null (as C99 designated initializers are used
and tomoyo_security_ops is of static duration), so when
register_security(&tomoyo_security_ops) is called, we have:
register_security(ops)->verify(ops)->security_fixup_ops(ops)
and security_fixup_ops automatically set all default cap_* functions for NULL
fields, no need to set them explicitly.
The same applies to smack_ops from smack, probably these default initializations
are for readability as they aren't needed too.
btw, selinux also calls cap_bprm_set_creds as with this patch in tomoyo.
>
> struct security_operations smack_ops = {
> .capget = cap_capget,
> .capset = cap_capset,
> .capable = cap_capable,
> .settime = cap_settime,
> .vm_enough_memory = cap_vm_enough_memory,
> .bprm_set_creds = cap_bprm_set_creds,
> .bprm_secureexec = cap_bprm_secureexec,
> .inode_need_killpriv = cap_inode_need_killpriv,
> .inode_killpriv = cap_inode_killpriv,
> .task_fix_setuid = cap_task_fix_setuid,
> .task_prctl = cap_task_prctl,
> .netlink_send = cap_netlink_send,
> .netlink_recv = cap_netlink_recv,
> };
>
> Thank you.
>
--
[]'s
Herton
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
