On Tue, Nov 05, 2013 at 05:34:58AM -0800, John Johansen wrote: > Signed-off-by: John Johansen <[email protected]>
Both nfs_permission() and fuse_permission() use MAY_CHDIR without an
obvious security hook nearby. (The chroot() syscall does have a nearby
security_path_chroot() call.) Should this patch add security_path_chdir()
calls to these locations?
I believe this is correct as written, but I thought I'd ask for
confirmation.
Thanks
> ---
> fs/open.c | 8 ++++++++
> include/linux/security.h | 11 +++++++++++
> security/security.c | 7 +++++++
> 3 files changed, 26 insertions(+)
>
> diff --git a/fs/open.c b/fs/open.c
> index d420331..9505fc5 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -387,6 +387,10 @@ retry:
> if (error)
> goto out;
>
> + error = security_path_chdir(&path);
> + if (error)
> + goto dput_and_out;
> +
> error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
> if (error)
> goto dput_and_out;
> @@ -419,6 +423,10 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
> if (!S_ISDIR(inode->i_mode))
> goto out_putf;
>
> + error = security_path_chdir(&f.file->f_path);
> + if (error)
> + goto out_putf;
> +
> error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
> if (!error)
> set_fs_pwd(current->fs, &f.file->f_path);
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 9d37e2b..ed693ff 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -466,6 +466,10 @@ static inline void security_free_mnt_opts(struct
> security_mnt_opts *opts)
> * @uid contains new owner's ID.
> * @gid contains new group's ID.
> * Return 0 if permission is granted.
> + * @path_chdir:
> + * Check for permission to change working directory to @path.
> + * @path contains the path structure.
> + * Return 0 if permission is granted.
> * @path_chroot:
> * Check for permission to change root directory.
> * @path contains the path structure.
> @@ -1486,6 +1490,7 @@ struct security_operations {
> struct path *new_dir, struct dentry *new_dentry);
> int (*path_chmod) (struct path *path, umode_t mode);
> int (*path_chown) (struct path *path, kuid_t uid, kgid_t gid);
> + int (*path_chdir) (struct path *path);
> int (*path_chroot) (struct path *path);
> #endif
>
> @@ -2944,6 +2949,7 @@ int security_path_rename(struct path *old_dir, struct
> dentry *old_dentry,
> struct path *new_dir, struct dentry *new_dentry);
> int security_path_chmod(struct path *path, umode_t mode);
> int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
> +int security_path_chdir(struct path *path);
> int security_path_chroot(struct path *path);
> #else /* CONFIG_SECURITY_PATH */
> static inline int security_path_unlink(struct path *dir, struct dentry
> *dentry)
> @@ -3004,6 +3010,11 @@ static inline int security_path_chown(struct path
> *path, kuid_t uid, kgid_t gid)
> return 0;
> }
>
> +static inline int security_path_chdir(struct path *path)
> +{
> + return 0;
> +}
> +
> static inline int security_path_chroot(struct path *path)
> {
> return 0;
> diff --git a/security/security.c b/security/security.c
> index 4dc31f4..ca57c35 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -464,6 +464,13 @@ int security_path_chown(struct path *path, kuid_t uid,
> kgid_t gid)
> return security_ops->path_chown(path, uid, gid);
> }
>
> +int security_path_chdir(struct path *path)
> +{
> + if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
> + return 0;
> + return security_ops->path_chdir(path);
> +}
> +
> int security_path_chroot(struct path *path)
> {
> return security_ops->path_chroot(path);
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
