Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5

into kroah.com:/home/greg/linux/BK/lsm-2.5

Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5
into kroah.com:/home/greg/linux/BK/lsm-2.5
320aa7dc · Greg Kroah-Hartman · 2becf2fd · c3915ca2 · 320aa7dc · 320aa7dc
Commit 320aa7dc authored Dec 04, 2002 by Greg Kroah-Hartman
8 changed files
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -80,6 +80,7 @@

 /* host controllers we manage */
 LIST_HEAD (usb_bus_list);
+EXPORT_SYMBOL (usb_bus_list);

 /* used when allocating bus numbers */
 #define USB_MAXBUS		64
@@ -90,6 +91,7 @@ static struct usb_busmap busmap;

 /* used when updating list of hcds */
 DECLARE_MUTEX (usb_bus_list_lock);	/* exported only for usbfs */
+EXPORT_SYMBOL (usb_bus_list_lock);

 /* used when updating hcd data */
 static spinlock_t hcd_data_lock = SPIN_LOCK_UNLOCKED;

--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -23,6 +23,7 @@
 #include <linux/pagevec.h>
 #include <linux/quotaops.h>
 #include <linux/dnotify.h>
+#include <linux/security.h>

 #include <asm/uaccess.h>


--- a/security/Kconfig
+++ b/security/Kconfig
@@ -22,5 +22,15 @@ config SECURITY_CAPABILITIES
 	  This enables the "default" Linux capabilities functionality.
 	  If you are unsure how to answer this question, answer Y.

+config SECURITY_ROOTPLUG
+	tristate "Root Plug Support"
+	depends on SECURITY!=n
+	help
+	  This is a sample LSM module that should only be used as such.
+	  It enables control over processes being created by root users
+	  if a specific USB device is not present in the system.
+	  
+	  If you are unsure how to answer this question, answer N.
+
 endmenu

--- a/security/Makefile
+++ b/security/Makefile
@@ -13,5 +13,6 @@ endif
 # Object file lists
 obj-$(CONFIG_SECURITY)			+= security.o dummy.o
 obj-$(CONFIG_SECURITY_CAPABILITIES)	+= capability.o
+obj-$(CONFIG_SECURITY_ROOTPLUG)		+= root_plug.o

 include $(TOPDIR)/Rules.make
--- a/security/capability.c
+++ b/security/capability.c
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -12,6 +12,8 @@
 *	(at your option) any later version.
 */

+#undef DEBUG
+
 #include <linux/config.h>
 #include <linux/module.h>
 #include <linux/kernel.h>
@@ -19,6 +21,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>

+
 static int dummy_ptrace (struct task_struct *parent, struct task_struct *child)
 {
 	return 0;
@@ -122,55 +125,55 @@ static int dummy_sb_statfs (struct super_block *sb)
 	return 0;
 }

-static int dummy_mount (char *dev_name, struct nameidata *nd, char *type,
-			unsigned long flags, void *data)
+static int dummy_sb_mount (char *dev_name, struct nameidata *nd, char *type,
+			   unsigned long flags, void *data)
 {
 	return 0;
 }

-static int dummy_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+static int dummy_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
 {
 	return 0;
 }

-static int dummy_umount (struct vfsmount *mnt, int flags)
+static int dummy_sb_umount (struct vfsmount *mnt, int flags)
 {
 	return 0;
 }

-static void dummy_umount_close (struct vfsmount *mnt)
+static void dummy_sb_umount_close (struct vfsmount *mnt)
 {
 	return;
 }

-static void dummy_umount_busy (struct vfsmount *mnt)
+static void dummy_sb_umount_busy (struct vfsmount *mnt)
 {
 	return;
 }

-static void dummy_post_remount (struct vfsmount *mnt, unsigned long flags,
-				void *data)
+static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
+				   void *data)
 {
 	return;
 }


-static void dummy_post_mountroot (void)
+static void dummy_sb_post_mountroot (void)
 {
 	return;
 }

-static void dummy_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
 {
 	return;
 }

-static int dummy_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
 {
 	return 0;
 }

-static void dummy_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
 {
 	return;
 }
@@ -303,12 +306,12 @@ static int dummy_inode_getattr (struct vfsmount *mnt, struct dentry *dentry)
 	return 0;
 }

-static void dummy_post_lookup (struct inode *ino, struct dentry *d)
+static void dummy_inode_post_lookup (struct inode *ino, struct dentry *d)
 {
 	return;
 }

-static void dummy_delete (struct inode *ino)
+static void dummy_inode_delete (struct inode *ino)
 {
 	return;
 }
@@ -529,12 +532,12 @@ static void dummy_sem_free_security (struct sem_array *sma)
 	return;
 }

-static int dummy_register (const char *name, struct security_operations *ops)
+static int dummy_register_security (const char *name, struct security_operations *ops)
 {
 	return -EINVAL;
 }

-static int dummy_unregister (const char *name, struct security_operations *ops)
+static int dummy_unregister_security (const char *name, struct security_operations *ops)
 {
 	return -EINVAL;
 }
@@ -558,16 +561,16 @@ struct security_operations dummy_security_ops = {
 	.sb_alloc_security =		dummy_sb_alloc_security,
 	.sb_free_security =		dummy_sb_free_security,
 	.sb_statfs =			dummy_sb_statfs,
-	.sb_mount =			dummy_mount,
-	.sb_check_sb =			dummy_check_sb,
-	.sb_umount =			dummy_umount,
-	.sb_umount_close =		dummy_umount_close,
-	.sb_umount_busy =		dummy_umount_busy,
-	.sb_post_remount =		dummy_post_remount,
-	.sb_post_mountroot =		dummy_post_mountroot,
-	.sb_post_addmount =		dummy_post_addmount,
-	.sb_pivotroot =			dummy_pivotroot,
-	.sb_post_pivotroot =		dummy_post_pivotroot,
+	.sb_mount =			dummy_sb_mount,
+	.sb_check_sb =			dummy_sb_check_sb,
+	.sb_umount =			dummy_sb_umount,
+	.sb_umount_close =		dummy_sb_umount_close,
+	.sb_umount_busy =		dummy_sb_umount_busy,
+	.sb_post_remount =		dummy_sb_post_remount,
+	.sb_post_mountroot =		dummy_sb_post_mountroot,
+	.sb_post_addmount =		dummy_sb_post_addmount,
+	.sb_pivotroot =			dummy_sb_pivotroot,
+	.sb_post_pivotroot =		dummy_sb_post_pivotroot,
 	
 	.inode_alloc_security =		dummy_inode_alloc_security,
 	.inode_free_security =		dummy_inode_free_security,
@@ -591,8 +594,8 @@ struct security_operations dummy_security_ops = {
 	.inode_permission_lite =	dummy_inode_permission_lite,
 	.inode_setattr =		dummy_inode_setattr,
 	.inode_getattr =		dummy_inode_getattr,
-	.inode_post_lookup =		dummy_post_lookup,
-	.inode_delete =			dummy_delete,
+	.inode_post_lookup =		dummy_inode_post_lookup,
+	.inode_delete =			dummy_inode_delete,
 	.inode_setxattr =		dummy_inode_setxattr,
 	.inode_getxattr =		dummy_inode_getxattr,
 	.inode_listxattr =		dummy_inode_listxattr,
@@ -641,7 +644,113 @@ struct security_operations dummy_security_ops = {
 	.sem_alloc_security =		dummy_sem_alloc_security,
 	.sem_free_security =		dummy_sem_free_security,

-	.register_security =		dummy_register,
-	.unregister_security =		dummy_unregister,
+	.register_security =		dummy_register_security,
+	.unregister_security =		dummy_unregister_security,
 };

+#define set_to_dummy_if_null(ops, function)				\
+	do {								\
+		if (!ops->function) {					\
+			ops->function = dummy_##function;		\
+			pr_debug("Had to override the " #function	\
+				 " security operation with the dummy one.\n");\
+			}						\
+	} while (0)
+
+void security_fixup_ops (struct security_operations *ops)
+{
+	set_to_dummy_if_null(ops, ptrace);
+	set_to_dummy_if_null(ops, capget);
+	set_to_dummy_if_null(ops, capset_check);
+	set_to_dummy_if_null(ops, capset_set);
+	set_to_dummy_if_null(ops, acct);
+	set_to_dummy_if_null(ops, capable);
+	set_to_dummy_if_null(ops, quotactl);
+	set_to_dummy_if_null(ops, quota_on);
+	set_to_dummy_if_null(ops, bprm_alloc_security);
+	set_to_dummy_if_null(ops, bprm_free_security);
+	set_to_dummy_if_null(ops, bprm_compute_creds);
+	set_to_dummy_if_null(ops, bprm_set_security);
+	set_to_dummy_if_null(ops, bprm_check_security);
+	set_to_dummy_if_null(ops, sb_alloc_security);
+	set_to_dummy_if_null(ops, sb_free_security);
+	set_to_dummy_if_null(ops, sb_statfs);
+	set_to_dummy_if_null(ops, sb_mount);
+	set_to_dummy_if_null(ops, sb_check_sb);
+	set_to_dummy_if_null(ops, sb_umount);
+	set_to_dummy_if_null(ops, sb_umount_close);
+	set_to_dummy_if_null(ops, sb_umount_busy);
+	set_to_dummy_if_null(ops, sb_post_remount);
+	set_to_dummy_if_null(ops, sb_post_mountroot);
+	set_to_dummy_if_null(ops, sb_post_addmount);
+	set_to_dummy_if_null(ops, sb_pivotroot);
+	set_to_dummy_if_null(ops, sb_post_pivotroot);
+	set_to_dummy_if_null(ops, inode_alloc_security);
+	set_to_dummy_if_null(ops, inode_free_security);
+	set_to_dummy_if_null(ops, inode_create);
+	set_to_dummy_if_null(ops, inode_post_create);
+	set_to_dummy_if_null(ops, inode_link);
+	set_to_dummy_if_null(ops, inode_post_link);
+	set_to_dummy_if_null(ops, inode_unlink);
+	set_to_dummy_if_null(ops, inode_symlink);
+	set_to_dummy_if_null(ops, inode_post_symlink);
+	set_to_dummy_if_null(ops, inode_mkdir);
+	set_to_dummy_if_null(ops, inode_post_mkdir);
+	set_to_dummy_if_null(ops, inode_rmdir);
+	set_to_dummy_if_null(ops, inode_mknod);
+	set_to_dummy_if_null(ops, inode_post_mknod);
+	set_to_dummy_if_null(ops, inode_rename);
+	set_to_dummy_if_null(ops, inode_post_rename);
+	set_to_dummy_if_null(ops, inode_readlink);
+	set_to_dummy_if_null(ops, inode_follow_link);
+	set_to_dummy_if_null(ops, inode_permission);
+	set_to_dummy_if_null(ops, inode_permission_lite);
+	set_to_dummy_if_null(ops, inode_setattr);
+	set_to_dummy_if_null(ops, inode_getattr);
+	set_to_dummy_if_null(ops, inode_post_lookup);
+	set_to_dummy_if_null(ops, inode_delete);
+	set_to_dummy_if_null(ops, inode_setxattr);
+	set_to_dummy_if_null(ops, inode_getxattr);
+	set_to_dummy_if_null(ops, inode_listxattr);
+	set_to_dummy_if_null(ops, inode_removexattr);
+	set_to_dummy_if_null(ops, file_permission);
+	set_to_dummy_if_null(ops, file_alloc_security);
+	set_to_dummy_if_null(ops, file_free_security);
+	set_to_dummy_if_null(ops, file_ioctl);
+	set_to_dummy_if_null(ops, file_mmap);
+	set_to_dummy_if_null(ops, file_mprotect);
+	set_to_dummy_if_null(ops, file_lock);
+	set_to_dummy_if_null(ops, file_fcntl);
+	set_to_dummy_if_null(ops, file_set_fowner);
+	set_to_dummy_if_null(ops, file_send_sigiotask);
+	set_to_dummy_if_null(ops, file_receive);
+	set_to_dummy_if_null(ops, task_create);
+	set_to_dummy_if_null(ops, task_alloc_security);
+	set_to_dummy_if_null(ops, task_free_security);
+	set_to_dummy_if_null(ops, task_setuid);
+	set_to_dummy_if_null(ops, task_post_setuid);
+	set_to_dummy_if_null(ops, task_setgid);
+	set_to_dummy_if_null(ops, task_setpgid);
+	set_to_dummy_if_null(ops, task_getpgid);
+	set_to_dummy_if_null(ops, task_getsid);
+	set_to_dummy_if_null(ops, task_setgroups);
+	set_to_dummy_if_null(ops, task_setnice);
+	set_to_dummy_if_null(ops, task_setrlimit);
+	set_to_dummy_if_null(ops, task_setscheduler);
+	set_to_dummy_if_null(ops, task_getscheduler);
+	set_to_dummy_if_null(ops, task_wait);
+	set_to_dummy_if_null(ops, task_kill);
+	set_to_dummy_if_null(ops, task_prctl);
+	set_to_dummy_if_null(ops, task_kmod_set_label);
+	set_to_dummy_if_null(ops, task_reparent_to_init);
+	set_to_dummy_if_null(ops, ipc_permission);
+	set_to_dummy_if_null(ops, msg_queue_alloc_security);
+	set_to_dummy_if_null(ops, msg_queue_free_security);
+	set_to_dummy_if_null(ops, shm_alloc_security);
+	set_to_dummy_if_null(ops, shm_free_security);
+	set_to_dummy_if_null(ops, sem_alloc_security);
+	set_to_dummy_if_null(ops, sem_free_security);
+	set_to_dummy_if_null(ops, register_security);
+	set_to_dummy_if_null(ops, unregister_security);
+}
+
--- a/security/root_plug.c
+++ b/security/root_plug.c
+/*
+ * Root Plug sample LSM module
+ *
+ * Originally written for a Linux Journal.
+ *
+ * Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
+ *
+ * Prevents any programs running with egid == 0 if a specific USB device
+ * is not present in the system.  Yes, it can be gotten around, but is a
+ * nice starting point for people to play with, and learn the LSM
+ * interface.
+ *
+ * If you want to turn this into something with a semblance of security,
+ * you need to hook the task_* functions also.
+ *
+ *	This program is free software; you can redistribute it and/or
+ *	modify it under the terms of the GNU General Public License as
+ *	published by the Free Software Foundation, version 2 of the
+ *	License.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/security.h>
+#include <linux/usb.h>
+
+/* flag to keep track of how we were registered */
+static int secondary;
+
+/* default is a generic type of usb to serial converter */
+static int vendor_id = 0x0557;
+static int product_id = 0x2008;
+
+MODULE_PARM(vendor_id, "h");
+MODULE_PARM_DESC(vendor_id, "USB Vendor ID of device to look for");
+
+MODULE_PARM(product_id, "h");
+MODULE_PARM_DESC(product_id, "USB Product ID of device to look for");
+
+/* should we print out debug messages */
+static int debug = 0;
+
+MODULE_PARM(debug, "i");
+MODULE_PARM_DESC(debug, "Debug enabled or not");
+
+#if defined(CONFIG_SECURITY_ROOTPLUG_MODULE)
+#define MY_NAME THIS_MODULE->name
+#else
+#define MY_NAME "root_plug"
+#endif
+
+#define dbg(fmt, arg...)					\
+	do {							\
+		if (debug)					\
+			printk(KERN_DEBUG "%s: %s: " fmt ,	\
+				MY_NAME , __FUNCTION__ , 	\
+				## arg);			\
+	} while (0)
+
+extern struct list_head usb_bus_list;
+extern struct semaphore usb_bus_list_lock;
+
+static int match_device (struct usb_device *dev)
+{
+	int retval = -ENODEV;
+	int child;
+
+	dbg ("looking at vendor %d, product %d\n",
+	     dev->descriptor.idVendor,
+	     dev->descriptor.idProduct);
+
+	/* see if this device matches */
+	if ((dev->descriptor.idVendor == vendor_id) &&
+	    (dev->descriptor.idProduct == product_id)) {
+		dbg ("found the device!\n");
+		retval = 0;
+		goto exit;
+	}
+
+	/* look through all of the children of this device */
+	for (child = 0; child < dev->maxchild; ++child) {
+		if (dev->children[child]) {
+			retval = match_device (dev->children[child]);
+			if (retval == 0)
+				goto exit;
+		}
+	}
+exit:
+	return retval;
+}
+
+static int find_usb_device (void)
+{
+	struct list_head *buslist;
+	struct usb_bus *bus;
+	int retval = -ENODEV;
+	
+	down (&usb_bus_list_lock);
+	for (buslist = usb_bus_list.next;
+	     buslist != &usb_bus_list; 
+	     buslist = buslist->next) {
+		bus = container_of (buslist, struct usb_bus, bus_list);
+		retval = match_device(bus->root_hub);
+		if (retval == 0)
+			goto exit;
+	}
+exit:
+	up (&usb_bus_list_lock);
+	return retval;
+}
+	
+
+static int rootplug_bprm_check_security (struct linux_binprm *bprm)
+{
+	dbg ("file %s, e_uid = %d, e_gid = %d\n",
+	     bprm->filename, bprm->e_uid, bprm->e_gid);
+
+	if (bprm->e_gid == 0) {
+		if (find_usb_device() != 0) {
+			dbg ("e_gid = 0, and device not found, "
+				"task not allowed to run...\n");
+			return -EPERM;
+		}
+	}
+
+	return 0;
+}
+
+static struct security_operations rootplug_security_ops = {
+	/* Use the capability functions for some of the hooks */
+	.ptrace =			cap_ptrace,
+	.capget =			cap_capget,
+	.capset_check =			cap_capset_check,
+	.capset_set =			cap_capset_set,
+	.capable =			cap_capable,
+
+	.bprm_compute_creds =		cap_bprm_compute_creds,
+	.bprm_set_security =		cap_bprm_set_security,
+
+	.task_post_setuid =		cap_task_post_setuid,
+	.task_kmod_set_label =		cap_task_kmod_set_label,
+	.task_reparent_to_init =	cap_task_reparent_to_init,
+
+	.bprm_check_security =		rootplug_bprm_check_security,
+};
+
+static int __init rootplug_init (void)
+{
+	/* register ourselves with the security framework */
+	if (register_security (&rootplug_security_ops)) {
+		printk (KERN_INFO 
+			"Failure registering Root Plug module with the kernel\n");
+		/* try registering with primary module */
+		if (mod_reg_security (MY_NAME, &rootplug_security_ops)) {
+			printk (KERN_INFO "Failure registering Root Plug "
+				" module with primary security module.\n");
+			return -EINVAL;
+		}
+		secondary = 1;
+	}
+	printk (KERN_INFO "Root Plug module initialized, "
+		"vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);
+	return 0;
+}
+
+static void __exit rootplug_exit (void)
+{
+	/* remove ourselves from the security framework */
+	if (secondary) {
+		if (mod_unreg_security (MY_NAME, &rootplug_security_ops))
+			printk (KERN_INFO "Failure unregistering Root Plug "
+				" module with primary module.\n");
+	} else { 
+		if (unregister_security (&rootplug_security_ops)) {
+			printk (KERN_INFO "Failure unregistering Root Plug "
+				"module with the kernel\n");
+		}
+	}
+	printk (KERN_INFO "Root Plug module removed\n");
+}
+
+module_init (rootplug_init);
+module_exit (rootplug_exit);
+
+MODULE_DESCRIPTION("Root Plug sample LSM module, written for Linux Journal article");
+MODULE_LICENSE("GPL");
+
--- a/security/security.c
+++ b/security/security.c
@@ -20,59 +20,21 @@

 #define SECURITY_SCAFFOLD_VERSION	"1.0.0"

-extern struct security_operations dummy_security_ops;	/* lives in dummy.c */
+/* things that live in dummy.c */
+extern struct security_operations dummy_security_ops;
+extern void security_fixup_ops (struct security_operations *ops);

 struct security_operations *security_ops;	/* Initialized to NULL */

-/* This macro checks that all pointers in a struct are non-NULL.  It 
- * can be fooled by struct padding for object tile alignment and when
- * pointers to data and pointers to functions aren't the same size.
- * Yes it's ugly, we'll replace it if it becomes a problem.
- */
-#define VERIFY_STRUCT(struct_type, s, e) \
-	do { \
-		unsigned long * __start = (unsigned long *)(s); \
-		unsigned long * __end = __start + \
-				sizeof(struct_type)/sizeof(unsigned long *); \
-		while (__start != __end) { \
-			if (!*__start) { \
-				printk(KERN_INFO "%s is missing something\n",\
-					#struct_type); \
-				e++; \
-				break; \
-			} \
-			__start++; \
-		} \
-	} while (0)
-
-static int inline verify (struct security_operations *ops)
+static inline int verify (struct security_operations *ops)
 {
-	int err;
-
 	/* verify the security_operations structure exists */
 	if (!ops) {
 		printk (KERN_INFO "Passed a NULL security_operations "
 			"pointer, %s failed.\n", __FUNCTION__);
 		return -EINVAL;
 	}
-
-	/* Perform a little sanity checking on our inputs */
-	err = 0;
-
-	/* This first check scans the whole security_ops struct for
-	 * missing structs or functions.
-	 *
-	 * (There is no further check now, but will leave as is until
-	 *  the lazy registration stuff is done -- JM).
-	 */
-	VERIFY_STRUCT(struct security_operations, ops, err);
-
-	if (err) {
-		printk (KERN_INFO "Not enough functions specified in the "
-			"security_operation structure, %s failed.\n",
-			__FUNCTION__);
-		return -EINVAL;
-	}
+	security_fixup_ops (ops);
 	return 0;
 }

@@ -106,12 +68,12 @@ int security_scaffolding_startup (void)
 */
 int register_security (struct security_operations *ops)
 {
-
 	if (verify (ops)) {
 		printk (KERN_INFO "%s could not verify "
 			"security_operations structure.\n", __FUNCTION__);
 		return -EINVAL;
 	}
+
 	if (security_ops != &dummy_security_ops) {
 		printk (KERN_INFO "There is already a security "
 			"framework initialized, %s failed.\n", __FUNCTION__);