Commit f803e090 authored by Linus Torvalds's avatar Linus Torvalds

Merge bk://lsm.bkbits.net/linus-2.5

into home.transmeta.com:/home/torvalds/v2.5/linux
parents cbfe51cb 712adcb4
...@@ -85,12 +85,14 @@ static inline void cap_set_pg(int pgrp, kernel_cap_t *effective, ...@@ -85,12 +85,14 @@ static inline void cap_set_pg(int pgrp, kernel_cap_t *effective,
kernel_cap_t *permitted) kernel_cap_t *permitted)
{ {
task_t *g, *target; task_t *g, *target;
struct list_head *l;
struct pid *pid;
do_each_thread(g, target) { for_each_task_pid(pgrp, PIDTYPE_PGID, g, l, pid) {
if (target->pgrp != pgrp) target = g;
continue; while_each_thread(g, target)
security_capset_set(target, effective, inheritable, permitted); security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target); }
} }
/* /*
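Review bot: The rewritten loop no longer visits `g` itself: the old `do_each_thread … while_each_thread` pair was a do/while that called security_capset_set on every thread beginning with the one under examination, whereas the new body sets `target = g` and then uses `while_each_thread(g, target)` on its own as a leading-test loop, which, if it keeps its usual `while ((t = next_thread(t)) != g)` shape (its definition is not visible here), advances to the next thread before the first call. The task found on the PIDTYPE_PGID list for `pgrp` would then keep its old capability sets while its sibling threads are updated, a silent inconsistency in a privilege-changing path that no error return would expose. Keeping the do/while form avoids it: `do { security_capset_set(target, effective, inheritable, permitted); } while_each_thread(g, target);`. cap_set_pg's signature starts before this hunk.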
...@@ -27,8 +27,11 @@ config SECURITY_ROOTPLUG ...@@ -27,8 +27,11 @@ config SECURITY_ROOTPLUG
depends on SECURITY!=n depends on SECURITY!=n
help help
This is a sample LSM module that should only be used as such. This is a sample LSM module that should only be used as such.
It enables control over processes being created by root users It prevents any programs running with egid == 0 if a specific
if a specific USB device is not present in the system. USB device is not present in the system.
See <http://www.linuxjournal.com/article.php?sid=6279> for
more information about this module.
If you are unsure how to answer this question, answer N. If you are unsure how to answer this question, answer N.
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
* security model is loaded. * security model is loaded.
* *
* Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
* Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
...@@ -542,111 +542,7 @@ static int dummy_unregister_security (const char *name, struct security_operatio ...@@ -542,111 +542,7 @@ static int dummy_unregister_security (const char *name, struct security_operatio
return -EINVAL; return -EINVAL;
} }
struct security_operations dummy_security_ops = { struct security_operations dummy_security_ops;
.ptrace = dummy_ptrace,
.capget = dummy_capget,
.capset_check = dummy_capset_check,
.capset_set = dummy_capset_set,
.acct = dummy_acct,
.capable = dummy_capable,
.quotactl = dummy_quotactl,
.quota_on = dummy_quota_on,
.bprm_alloc_security = dummy_bprm_alloc_security,
.bprm_free_security = dummy_bprm_free_security,
.bprm_compute_creds = dummy_bprm_compute_creds,
.bprm_set_security = dummy_bprm_set_security,
.bprm_check_security = dummy_bprm_check_security,
.sb_alloc_security = dummy_sb_alloc_security,
.sb_free_security = dummy_sb_free_security,
.sb_statfs = dummy_sb_statfs,
.sb_mount = dummy_sb_mount,
.sb_check_sb = dummy_sb_check_sb,
.sb_umount = dummy_sb_umount,
.sb_umount_close = dummy_sb_umount_close,
.sb_umount_busy = dummy_sb_umount_busy,
.sb_post_remount = dummy_sb_post_remount,
.sb_post_mountroot = dummy_sb_post_mountroot,
.sb_post_addmount = dummy_sb_post_addmount,
.sb_pivotroot = dummy_sb_pivotroot,
.sb_post_pivotroot = dummy_sb_post_pivotroot,
.inode_alloc_security = dummy_inode_alloc_security,
.inode_free_security = dummy_inode_free_security,
.inode_create = dummy_inode_create,
.inode_post_create = dummy_inode_post_create,
.inode_link = dummy_inode_link,
.inode_post_link = dummy_inode_post_link,
.inode_unlink = dummy_inode_unlink,
.inode_symlink = dummy_inode_symlink,
.inode_post_symlink = dummy_inode_post_symlink,
.inode_mkdir = dummy_inode_mkdir,
.inode_post_mkdir = dummy_inode_post_mkdir,
.inode_rmdir = dummy_inode_rmdir,
.inode_mknod = dummy_inode_mknod,
.inode_post_mknod = dummy_inode_post_mknod,
.inode_rename = dummy_inode_rename,
.inode_post_rename = dummy_inode_post_rename,
.inode_readlink = dummy_inode_readlink,
.inode_follow_link = dummy_inode_follow_link,
.inode_permission = dummy_inode_permission,
.inode_permission_lite = dummy_inode_permission_lite,
.inode_setattr = dummy_inode_setattr,
.inode_getattr = dummy_inode_getattr,
.inode_post_lookup = dummy_inode_post_lookup,
.inode_delete = dummy_inode_delete,
.inode_setxattr = dummy_inode_setxattr,
.inode_getxattr = dummy_inode_getxattr,
.inode_listxattr = dummy_inode_listxattr,
.inode_removexattr = dummy_inode_removexattr,
.file_permission = dummy_file_permission,
.file_alloc_security = dummy_file_alloc_security,
.file_free_security = dummy_file_free_security,
.file_ioctl = dummy_file_ioctl,
.file_mmap = dummy_file_mmap,
.file_mprotect = dummy_file_mprotect,
.file_lock = dummy_file_lock,
.file_fcntl = dummy_file_fcntl,
.file_set_fowner = dummy_file_set_fowner,
.file_send_sigiotask = dummy_file_send_sigiotask,
.file_receive = dummy_file_receive,
.task_create = dummy_task_create,
.task_alloc_security = dummy_task_alloc_security,
.task_free_security = dummy_task_free_security,
.task_setuid = dummy_task_setuid,
.task_post_setuid = dummy_task_post_setuid,
.task_setgid = dummy_task_setgid,
.task_setpgid = dummy_task_setpgid,
.task_getpgid = dummy_task_getpgid,
.task_getsid = dummy_task_getsid,
.task_setgroups = dummy_task_setgroups,
.task_setnice = dummy_task_setnice,
.task_setrlimit = dummy_task_setrlimit,
.task_setscheduler = dummy_task_setscheduler,
.task_getscheduler = dummy_task_getscheduler,
.task_wait = dummy_task_wait,
.task_kill = dummy_task_kill,
.task_prctl = dummy_task_prctl,
.task_kmod_set_label = dummy_task_kmod_set_label,
.task_reparent_to_init = dummy_task_reparent_to_init,
.ipc_permission = dummy_ipc_permission,
.msg_queue_alloc_security = dummy_msg_queue_alloc_security,
.msg_queue_free_security = dummy_msg_queue_free_security,
.shm_alloc_security = dummy_shm_alloc_security,
.shm_free_security = dummy_shm_free_security,
.sem_alloc_security = dummy_sem_alloc_security,
.sem_free_security = dummy_sem_free_security,
.register_security = dummy_register_security,
.unregister_security = dummy_unregister_security,
};
#define set_to_dummy_if_null(ops, function) \ #define set_to_dummy_if_null(ops, function) \
do { \ do { \
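Review bot: The replacement declaration `struct security_operations dummy_security_ops;` at the end of the second hunk is now a zero-filled global in which every hook pointer is NULL, and nothing in this section documents how it becomes usable; the `set_to_dummy_if_null` macro right after it suggests a fixup pass fills the slots, and the new `verify(&dummy_security_ops)` call in the security.c hunk of this commit presumably drives that pass, but neither is visible here. Any dispatch through the structure before that pass has run is a NULL function-pointer call, so the ordering is a load-bearing invariant that belongs on the declaration. I would put above it a comment along the lines of `/* Deliberately left zero-initialized: every hook is NULL until the fixup pass built on set_to_dummy_if_null (run from security_scaffolding_startup through verify()) installs the dummy_* functions; never install this as security_ops before that has happened. */`.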
...@@ -13,6 +13,9 @@ ...@@ -13,6 +13,9 @@
* If you want to turn this into something with a semblance of security, * If you want to turn this into something with a semblance of security,
* you need to hook the task_* functions also. * you need to hook the task_* functions also.
* *
* See http://www.linuxjournal.com/article.php?sid=6279 for more information
* about this code.
*
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as * modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, version 2 of the * published by the Free Software Foundation, version 2 of the
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
* Security plug functions * Security plug functions
* *
* Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
* Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
...@@ -48,6 +48,12 @@ int security_scaffolding_startup (void) ...@@ -48,6 +48,12 @@ int security_scaffolding_startup (void)
printk (KERN_INFO "Security Scaffold v" SECURITY_SCAFFOLD_VERSION printk (KERN_INFO "Security Scaffold v" SECURITY_SCAFFOLD_VERSION
" initialized\n"); " initialized\n");
if (verify (&dummy_security_ops)) {
printk (KERN_ERR "%s could not verify "
"dummy_security_ops structure.\n", __FUNCTION__);
return -EIO;
}
security_ops = &dummy_security_ops; security_ops = &dummy_security_ops;
return 0; return 0;
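Review bot: On the failure branch added in the second hunk, `security_scaffolding_startup` returns -EIO without assigning `security_ops`, so unless its caller treats a non-zero return as fatal (the caller is not on this page), every later hook dispatch goes through whatever `security_ops` held before, presumably NULL. The definition of `verify()` is outside the hunk, so it cannot be confirmed here whether it merely validates the structure or also fills in the NULL hooks of the now-empty `dummy_security_ops` from the dummy.c hunk; if it is the latter, the identifier and the "could not verify" message both understate what it does, and a one-line comment above the call naming the fixup would help the next reader. As a minor point, -EIO is an I/O error code while the neighbouring code uses -EINVAL for an unusable argument (`return -EINVAL;` in dummy_unregister_security), which reads better for a failed structure check: `return -EINVAL;`.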