Commit 09d35c2a authored by Andrew Morton, committed by Linus Torvalds

[PATCH] Process Attribute API for Security Modules (fixlet)

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch, relative to the /proc/pid/attr patch against 2.5.69, fixes the
mode values of the /proc/pid/attr nodes to avoid interference by the normal
Linux access checks for these nodes (and also fixes the /proc/pid/attr/prev
mode to reflect its read-only nature).

Otherwise, when the dumpable flag is cleared by a set[ug]id or unreadable
executable, a process will lose the ability to set its own attributes via
writes to /proc/pid/attr due to a DAC failure (/proc/pid inodes are
assigned the root uid/gid if the task is not dumpable, and the original
mode only permitted the owner to write).

The security module should implement appropriate permission checking in its
[gs]etprocattr hook functions.  In the case of SELinux, the setprocattr
hook function only allows a process to write to its own /proc/pid/attr
nodes as well as imposing other policy-based restrictions, and the
getprocattr hook function performs a permission check between the security
labels of the current process and target process to determine whether the
operation is permitted.
parent ea7870c8
...@@ -99,10 +99,10 @@ static struct pid_entry base_stuff[] = { ...@@ -99,10 +99,10 @@ static struct pid_entry base_stuff[] = {
}; };
#ifdef CONFIG_SECURITY #ifdef CONFIG_SECURITY
static struct pid_entry attr_stuff[] = { static struct pid_entry attr_stuff[] = {
E(PROC_PID_ATTR_CURRENT, "current", S_IFREG|S_IRUGO|S_IWUSR), E(PROC_PID_ATTR_CURRENT, "current", S_IFREG|S_IRUGO|S_IWUGO),
E(PROC_PID_ATTR_PREV, "prev", S_IFREG|S_IRUGO|S_IWUSR), E(PROC_PID_ATTR_PREV, "prev", S_IFREG|S_IRUGO),
E(PROC_PID_ATTR_EXEC, "exec", S_IFREG|S_IRUGO|S_IWUSR), E(PROC_PID_ATTR_EXEC, "exec", S_IFREG|S_IRUGO|S_IWUGO),
E(PROC_PID_ATTR_FSCREATE, "fscreate", S_IFREG|S_IRUGO|S_IWUSR), E(PROC_PID_ATTR_FSCREATE, "fscreate", S_IFREG|S_IRUGO|S_IWUGO),
{0,0,NULL,0} {0,0,NULL,0}
}; };
#endif #endif
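Review bot: the S_IWUGO entries for "current", "exec" and "fscreate" in attr_stuff[] have no comment saying why these nodes are world-writable, so a later reader could take the mode for a mistake and tighten it back to S_IWUSR. Please add a short comment above the table stating that the mode bits are intentionally open and that write permission is enforced by the security module's setprocattr hook, as the commit message describes. With these modes the DAC check no longer stops one process from writing another process's attr nodes, so it is also worth confirming in this series that a security module which does not implement setprocattr rejects the write rather than accepting it. Dropping the write bits from "prev" looks right for a read-only node.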
......