Commit 23644641 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] Add signal state inheritance control to SELinux

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch against 2.6.0 adds a control to the SELinux module over the
inheritance of signal-related state upon security context transitions in
order to protect the new security context.  If the permission is not
granted by the policy for a given pair of contexts, then transitions
between them will clear itimers, flush all pending signals, forcibly
flush signal handlers, and unblock all signals.  Roland McGrath provided
input and feedback on the patch. 
Please apply, or let James Morris and me know if you'd like this to be
resubmitted later.  Thanks.
parent e606758e
...@@ -1515,7 +1515,8 @@ static void selinux_bprm_compute_creds(struct linux_binprm *bprm) ...@@ -1515,7 +1515,8 @@ static void selinux_bprm_compute_creds(struct linux_binprm *bprm)
struct bprm_security_struct *bsec; struct bprm_security_struct *bsec;
u32 sid; u32 sid;
struct av_decision avd; struct av_decision avd;
int rc; struct itimerval itimer;
int rc, i;
secondary_ops->bprm_compute_creds(bprm); secondary_ops->bprm_compute_creds(bprm);
...@@ -1565,6 +1566,26 @@ static void selinux_bprm_compute_creds(struct linux_binprm *bprm) ...@@ -1565,6 +1566,26 @@ static void selinux_bprm_compute_creds(struct linux_binprm *bprm)
/* Close files for which the new task SID is not authorized. */ /* Close files for which the new task SID is not authorized. */
flush_unauthorized_files(current->files); flush_unauthorized_files(current->files);
/* Check whether the new SID can inherit signal state
from the old SID. If not, clear itimers to avoid
subsequent signal generation and flush and unblock
signals. This must occur _after_ the task SID has
been updated so that any kill done after the flush
will be checked against the new SID. */
rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
PROCESS__SIGINH, NULL, NULL);
if (rc) {
memset(&itimer, 0, sizeof itimer);
for (i = 0; i < 3; i++)
do_setitimer(i, &itimer, NULL);
flush_signals(current);
spin_lock_irq(&current->sighand->siglock);
flush_signal_handlers(current, 1);
sigemptyset(&current->blocked);
recalc_sigpending();
spin_unlock_irq(&current->sighand->siglock);
}
/* Wake up the parent if it is waiting so that it can /* Wake up the parent if it is waiting so that it can
recheck wait permission to the new task SID. */ recheck wait permission to the new task SID. */
wake_up_interruptible(&current->parent->wait_chldexit); wake_up_interruptible(&current->parent->wait_chldexit);
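Review bot: The itimer-clearing loop `for (i = 0; i < 3; i++)` in the added block hard-codes the number of interval timers; naming the bound makes the intent visible to a reader and ties the loop to the actual timer set, e.g. `for (i = ITIMER_REAL; i <= ITIMER_PROF; i++)` with the comment `/* clear ITIMER_REAL, ITIMER_VIRTUAL and ITIMER_PROF so the old context cannot keep raising signals into the new one */`. The return value of do_setitimer() is discarded on the next line, which is acceptable for a zeroed itimerval but deserves a short comment so it is not mistaken for an unchecked error path later. The block resets itimers, pending signals, handlers and the blocked mask; if other per-task signal sources such as POSIX interval timers survive exec in this tree they would not be reset here, and I cannot tell from the hunk whether that is handled elsewhere. selinux_bprm_compute_creds begins and ends outside the hunks shown, and tsec is declared outside them as well.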
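--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -66,6 +66,7 @@ static struct av_perm_to_string av_perm_to_string[] = {
 { SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec" },
 { SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate" },
 { SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure" },
+{ SECCLASS_PROCESS, PROCESS__SIGINH, "siginh" },
 { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" },
 { SECCLASS_MSG, MSG__SEND, "send" },
 { SECCLASS_MSG, MSG__RECEIVE, "receive" },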
...@@ -450,6 +450,7 @@ ...@@ -450,6 +450,7 @@
#define PROCESS__SETEXEC 0x00020000UL #define PROCESS__SETEXEC 0x00020000UL
#define PROCESS__SETFSCREATE 0x00040000UL #define PROCESS__SETFSCREATE 0x00040000UL
#define PROCESS__NOATSECURE 0x00080000UL #define PROCESS__NOATSECURE 0x00080000UL
#define PROCESS__SIGINH 0x00100000UL
#define IPC__SETATTR 0x00000008UL #define IPC__SETATTR 0x00000008UL
#define IPC__READ 0x00000010UL #define IPC__READ 0x00000010UL