diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/binfmts.h | 3 | ||||
-rw-r--r-- | include/linux/capability.h | 48 | ||||
-rw-r--r-- | include/linux/fs.h | 1 | ||||
-rw-r--r-- | include/linux/security.h | 40 |
4 files changed, 73 insertions, 19 deletions
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 3a6512f8ec9..b7fc55ec8d4 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -37,7 +37,8 @@ struct linux_binprm{ int sh_bang; struct file * file; int e_uid, e_gid; - kernel_cap_t cap_inheritable, cap_permitted, cap_effective; + kernel_cap_t cap_inheritable, cap_permitted; + bool cap_effective; void *security; int argc, envc; char * filename; /* Name of binary as seen by procps */ diff --git a/include/linux/capability.h b/include/linux/capability.h index 2dfa5855593..8961e7fb755 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -1,14 +1,14 @@ /* * This is <linux/capability.h> * - * Andrew G. Morgan <morgan@transmeta.com> + * Andrew G. Morgan <morgan@kernel.org> * Alexander Kjeldaas <astor@guardian.no> * with help from Aleph1, Roland Buresund and Andrew Main. * * See here for the libcap library ("POSIX draft" compliance): * - * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/ - */ + * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ + */ #ifndef _LINUX_CAPABILITY_H #define _LINUX_CAPABILITY_H @@ -28,23 +28,41 @@ struct task_struct; following structure to such a composite is better handled in a user library since the draft standard requires the use of malloc/free etc.. */ - + #define _LINUX_CAPABILITY_VERSION 0x19980330 typedef struct __user_cap_header_struct { __u32 version; int pid; } __user *cap_user_header_t; - + typedef struct __user_cap_data_struct { __u32 effective; __u32 permitted; __u32 inheritable; } __user *cap_user_data_t; - -#ifdef __KERNEL__ -#include <asm/current.h> +#define XATTR_CAPS_SUFFIX "capability" +#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX + +#define XATTR_CAPS_SZ (3*sizeof(__le32)) +#define VFS_CAP_REVISION_MASK 0xFF000000 +#define VFS_CAP_REVISION_1 0x01000000 + +#define VFS_CAP_REVISION VFS_CAP_REVISION_1 + +#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK +#define VFS_CAP_FLAGS_EFFECTIVE 0x000001 + +struct vfs_cap_data { + __u32 magic_etc; /* Little endian */ + struct { + __u32 permitted; /* Little endian */ + __u32 inheritable; /* Little endian */ + } data[1]; +}; + +#ifdef __KERNEL__ /* #define STRICT_CAP_T_TYPECHECKS */ @@ -59,7 +77,7 @@ typedef struct kernel_cap_struct { typedef __u32 kernel_cap_t; #endif - + #define _USER_CAP_HEADER_SIZE (2*sizeof(__u32)) #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) @@ -67,7 +85,7 @@ typedef __u32 kernel_cap_t; /** - ** POSIX-draft defined capabilities. + ** POSIX-draft defined capabilities. **/ /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this @@ -87,7 +105,7 @@ typedef __u32 kernel_cap_t; defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ #define CAP_DAC_READ_SEARCH 2 - + /* Overrides all restrictions about allowed operations on files, where file owner ID must be equal to the user ID, except where CAP_FSETID is applicable. It doesn't override MAC and DAC restrictions. */ @@ -257,7 +275,7 @@ typedef __u32 kernel_cap_t; /* Override reserved space on ext2 filesystem */ /* Modify data journaling mode on ext3 filesystem (uses journaling resources) */ -/* NOTE: ext2 honors fsuid when checking for resource overrides, so +/* NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too */ /* Override size restrictions on IPC message queues */ /* Allow more than 64hz interrupts from the real-time clock */ @@ -289,8 +307,10 @@ typedef __u32 kernel_cap_t; #define CAP_AUDIT_CONTROL 30 +#define CAP_SETFCAP 31 + #ifdef __KERNEL__ -/* +/* * Bounding set */ extern kernel_cap_t cap_bset; @@ -298,7 +318,7 @@ extern kernel_cap_t cap_bset; /* * Internal kernel functions only */ - + #ifdef STRICT_CAP_T_TYPECHECKS #define to_cap_t(x) { x } diff --git a/include/linux/fs.h b/include/linux/fs.h index 365586a4c4d..e3fc5dbb224 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -329,6 +329,7 @@ typedef void (dio_iodone_t)(struct kiocb *iocb, loff_t offset, #define ATTR_KILL_SUID 2048 #define ATTR_KILL_SGID 4096 #define ATTR_FILE 8192 +#define ATTR_KILL_PRIV 16384 /* * This is the Inode Attributes structure, used for notify_change(). It diff --git a/include/linux/security.h b/include/linux/security.h index a300a3f2fe6..df591d289ec 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -51,8 +51,14 @@ extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe); extern int cap_bprm_secureexec(struct linux_binprm *bprm); extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); extern int cap_inode_removexattr(struct dentry *dentry, char *name); +extern int cap_inode_need_killpriv(struct dentry *dentry); +extern int cap_inode_killpriv(struct dentry *dentry); extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); extern void cap_task_reparent_to_init (struct task_struct *p); +extern int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid); +extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp); +extern int cap_task_setioprio (struct task_struct *p, int ioprio); +extern int cap_task_setnice (struct task_struct *p, int nice); extern int cap_syslog (int type); extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); @@ -413,6 +419,18 @@ struct request_sock; * is specified by @buffer_size. @buffer may be NULL to request * the size of the buffer required. * Returns number of bytes used/required on success. + * @inode_need_killpriv: + * Called when an inode has been changed. + * @dentry is the dentry being changed. + * Return <0 on error to abort the inode change operation. + * Return 0 if inode_killpriv does not need to be called. + * Return >0 if inode_killpriv does need to be called. + * @inode_killpriv: + * The setuid bit is being removed. Remove similar security labels. + * Called with the dentry->d_inode->i_mutex held. + * @dentry is the dentry being changed. + * Return 0 on success. If error is returned, then the operation + * causing setuid bit removal is failed. * * Security hooks for file operations * @@ -1239,6 +1257,8 @@ struct security_operations { int (*inode_getxattr) (struct dentry *dentry, char *name); int (*inode_listxattr) (struct dentry *dentry); int (*inode_removexattr) (struct dentry *dentry, char *name); + int (*inode_need_killpriv) (struct dentry *dentry); + int (*inode_killpriv) (struct dentry *dentry); const char *(*inode_xattr_getsuffix) (void); int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); @@ -1496,6 +1516,8 @@ void security_inode_post_setxattr(struct dentry *dentry, char *name, int security_inode_getxattr(struct dentry *dentry, char *name); int security_inode_listxattr(struct dentry *dentry); int security_inode_removexattr(struct dentry *dentry, char *name); +int security_inode_need_killpriv(struct dentry *dentry); +int security_inode_killpriv(struct dentry *dentry); const char *security_inode_xattr_getsuffix(void); int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); @@ -1891,6 +1913,16 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name) return cap_inode_removexattr(dentry, name); } +static inline int security_inode_need_killpriv(struct dentry *dentry) +{ + return cap_inode_need_killpriv(dentry); +} + +static inline int security_inode_killpriv(struct dentry *dentry) +{ + return cap_inode_killpriv(dentry); +} + static inline const char *security_inode_xattr_getsuffix (void) { return NULL ; @@ -2035,12 +2067,12 @@ static inline int security_task_setgroups (struct group_info *group_info) static inline int security_task_setnice (struct task_struct *p, int nice) { - return 0; + return cap_task_setnice(p, nice); } static inline int security_task_setioprio (struct task_struct *p, int ioprio) { - return 0; + return cap_task_setioprio(p, ioprio); } static inline int security_task_getioprio (struct task_struct *p) @@ -2058,7 +2090,7 @@ static inline int security_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp) { - return 0; + return cap_task_setscheduler(p, policy, lp); } static inline int security_task_getscheduler (struct task_struct *p) @@ -2075,7 +2107,7 @@ static inline int security_task_kill (struct task_struct *p, struct siginfo *info, int sig, u32 secid) { - return 0; + return cap_task_kill(p, info, sig, secid); } static inline int security_task_wait (struct task_struct *p) |