• Richard Guy Briggs's avatar
    capabilities: audit log other surprising conditions · dbbbe110
    Richard Guy Briggs authored
    The existing condition tested for process effective capabilities set by
    file attributes but intended to ignore the change if the result was
    unsurprisingly an effective full set in the case root is special with a
    setuid root executable file and we are root.
    
    Stated again:
    - When you execute a setuid root application, it is no surprise and
      expected that it got all capabilities, so we do not want capabilities
      recorded.
            if (pE_grew && !(pE_fullset && (eff_root || real_root) && root_priveleged) )
    
    Now make sure we cover other cases:
    - If something prevented a setuid root app getting all capabilities and
      it wound up with one capability only, then it is a surprise and should
      be logged.  When it is a setuid root file, we only want capabilities
      when the process does not get full capabilities..
            root_priveleged && setuid_root && !pE_fullset
    
    - Similarly if a non-setuid program does pick up capabilities due to
      file system based capabilities, then we want to know what capabilities
      were picked up.  When it has file system based capabilities we want
      the capabilities.
            !is_setuid && (has_fcap && pP_gained)
    
    - If it is a non-setuid file and it gets ambient capabilities, we want
      the capabilities.
            !is_setuid && pA_gained
    
    - These last two are combined into one due to the common first parameter.
    
    Related: https://github.com/linux-audit/audit-kernel/issues/16Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
    Reviewed-by: default avatarSerge Hallyn <serge@hallyn.com>
    Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
    Acked-by: default avatarKees Cook <keescook@chromium.org>
    Acked-by: default avatarPaul Moore <paul@paul-moore.com>
    Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
    dbbbe110
commoncap.c 38.9 KB