Tetsuo Handa wrote:
> Oh, I didn't know TOMOYO needs to call cap_bprm_set_creds().
It is indeed a bug. James, please apply the attached patch for 2.6.30.
> SMACK is calling below capability hooks.
> Maybe TOMOYO needs to call below capability hooks as well.
>
> struct security_operations smack_ops = {
> .capget = cap_capget,
> .capset = cap_capset,
> .capable = cap_capable,
> .settime = cap_settime,
> .vm_enough_memory = cap_vm_enough_memory,
> .bprm_set_creds = cap_bprm_set_creds,
> .bprm_secureexec = cap_bprm_secureexec,
> .inode_need_killpriv = cap_inode_need_killpriv,
> .inode_killpriv = cap_inode_killpriv,
> .task_fix_setuid = cap_task_fix_setuid,
> .task_prctl = cap_task_prctl,
> .netlink_send = cap_netlink_send,
> .netlink_recv = cap_netlink_recv,
> };
I compared with
static struct security_operations tomoyo_security_ops = {
.name = "tomoyo",
.cred_prepare = tomoyo_cred_prepare,
.bprm_set_creds = tomoyo_bprm_set_creds,
.bprm_check_security = tomoyo_bprm_check_security,
#ifdef CONFIG_SYSCTL
.sysctl = tomoyo_sysctl,
#endif
.file_fcntl = tomoyo_file_fcntl,
.dentry_open = tomoyo_dentry_open,
.path_truncate = tomoyo_path_truncate,
.path_unlink = tomoyo_path_unlink,
.path_mkdir = tomoyo_path_mkdir,
.path_rmdir = tomoyo_path_rmdir,
.path_symlink = tomoyo_path_symlink,
.path_mknod = tomoyo_path_mknod,
.path_link = tomoyo_path_link,
.path_rename = tomoyo_path_rename,
};
and .bprm_set_creds is the only hook which TOMOYO overrides.
All other hooks will be set to capability hooks by security_fixup_ops().
By the way, is there any reason SMACK explicitly sets above capability hooks
instead of letting security_fixup_ops() set above capability hooks?
Regards.
----------------------------------------
[PATCH 2.6.30] tomoyo: add missing call to cap_bprm_set_creds
cap_bprm_set_creds() has to be called from security_bprm_set_creds().
TOMOYO forgot to call cap_bprm_set_creds() from tomoyo_bprm_set_creds()
and suid executables were not being working.
Make sure we call cap_bprm_set_creds() with TOMOYO, to set credentials
properly inside tomoyo_bprm_set_creds().
Signed-off-by: Herton Ronaldo Krzesinski <[email protected]>
Acked-by: Tetsuo Handa <[email protected]>
---
security/tomoyo/tomoyo.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 5b48191..e42be5c 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const
struct cred *old,
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
{
+ int rc;
+
+ rc = cap_bprm_set_creds(bprm);
+ if (rc)
+ return rc;
+
/*
* Do only if this function is called for the first time of an execve
* operation.
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
