[Xenomai-core] [RFC][PATCH] security check for skin access
Hi,
you all may know that Xenomai provides a bulk of very powerful
interfaces to userspace real-time applications. But not everyone may
have thought about the fact yet that these syscall extensions are
accessible for *all* users in the system!
Well, real-time and security is a more complex topic, but we should at
least restore the same level of security which Linux provides. For this
purpose, the attached (and long-planned) patch adds basic access control
to all Xenomai skin services by requiring CAP_SYS_NICE, i.e. the same
capability that is also required to manipulate the normal Linux
scheduling parameters.
I would suggest to merge it, either as an option (with default=y), or
unconditionally (it's just a tiny additional check in the syscall path).
Jan
Index: ksrc/nucleus/shadow.c
===
--- ksrc/nucleus/shadow.c (revision 719)
+++ ksrc/nucleus/shadow.c (working copy)
@@ -1141,6 +1141,12 @@ static inline int do_hisyscall_event (un
if (!__xn_reg_mux_p(regs))
goto linux_syscall;
+if (unlikely(!cap_raised(p-cap_effective, CAP_SYS_NICE)))
+ {
+ __xn_error_return(regs,-EPERM);
+ return RTHAL_EVENT_STOP;
+ }
+
muxid = __xn_mux_id(regs);
muxop = __xn_mux_op(regs);
signature.asc
Description: OpenPGP digital signature
___
Xenomai-core mailing list
Xenomai-core@gna.org
https://mail.gna.org/listinfo/xenomai-core
Re: [Xenomai-core] [RFC][PATCH] security check for skin access
Jan Kiszka wrote:
Hi,
you all may know that Xenomai provides a bulk of very powerful
interfaces to userspace real-time applications. But not everyone may
have thought about the fact yet that these syscall extensions are
accessible for *all* users in the system!
Well, real-time and security is a more complex topic, but we should at
least restore the same level of security which Linux provides. For this
purpose, the attached (and long-planned) patch adds basic access control
to all Xenomai skin services by requiring CAP_SYS_NICE, i.e. the same
capability that is also required to manipulate the normal Linux
scheduling parameters.
I would suggest to merge it, either as an option (with default=y), or
unconditionally (it's just a tiny additional check in the syscall path).
Applied, thanks.
Jan
Index: ksrc/nucleus/shadow.c
===
--- ksrc/nucleus/shadow.c (revision 719)
+++ ksrc/nucleus/shadow.c (working copy)
@@ -1141,6 +1141,12 @@ static inline int do_hisyscall_event (un
if (!__xn_reg_mux_p(regs))
goto linux_syscall;
+if (unlikely(!cap_raised(p-cap_effective, CAP_SYS_NICE)))
+ {
+ __xn_error_return(regs,-EPERM);
+ return RTHAL_EVENT_STOP;
+ }
+
muxid = __xn_mux_id(regs);
muxop = __xn_mux_op(regs);
___
Xenomai-core mailing list
Xenomai-core@gna.org
https://mail.gna.org/listinfo/xenomai-core
--
Philippe.
___
Xenomai-core mailing list
Xenomai-core@gna.org
https://mail.gna.org/listinfo/xenomai-core
Re: [Xenomai-core] [RFC][PATCH] security check for skin access
Jan Kiszka wrote:
Hi,
you all may know that Xenomai provides a bulk of very powerful
interfaces to userspace real-time applications. But not everyone may
have thought about the fact yet that these syscall extensions are
accessible for *all* users in the system!
Well, real-time and security is a more complex topic, but we should at
least restore the same level of security which Linux provides. For this
purpose, the attached (and long-planned) patch adds basic access control
to all Xenomai skin services by requiring CAP_SYS_NICE, i.e. the same
capability that is also required to manipulate the normal Linux
scheduling parameters.
I would suggest to merge it, either as an option (with default=y), or
unconditionally (it's just a tiny additional check in the syscall path).
Also added the CONFIG_OPT_SECURITY_ACCESS switch to make this check conditional.
Jan
Index: ksrc/nucleus/shadow.c
===
--- ksrc/nucleus/shadow.c (revision 719)
+++ ksrc/nucleus/shadow.c (working copy)
@@ -1141,6 +1141,12 @@ static inline int do_hisyscall_event (un
if (!__xn_reg_mux_p(regs))
goto linux_syscall;
+if (unlikely(!cap_raised(p-cap_effective, CAP_SYS_NICE)))
+ {
+ __xn_error_return(regs,-EPERM);
+ return RTHAL_EVENT_STOP;
+ }
+
muxid = __xn_mux_id(regs);
muxop = __xn_mux_op(regs);
___
Xenomai-core mailing list
Xenomai-core@gna.org
https://mail.gna.org/listinfo/xenomai-core
--
Philippe.
___
Xenomai-core mailing list
Xenomai-core@gna.org
https://mail.gna.org/listinfo/xenomai-core
