Tetsuo Handa wrote:
> Tetsuo Handa wrote:
>
>> Oh, I didn't know TOMOYO needs to call cap_bprm_set_creds().
>>
>
> It is indeed a bug. James, please apply the attached patch for 2.6.30.
>
>
>> SMACK is calling below capability hooks.
>> Maybe TOMOYO needs to call below capability hooks as well.
>>
>> struct security_operations smack_ops = {
>> .capget = cap_capget,
>> .capset = cap_capset,
>> .capable = cap_capable,
>> .settime = cap_settime,
>> .vm_enough_memory = cap_vm_enough_memory,
>> .bprm_set_creds = cap_bprm_set_creds,
>> .bprm_secureexec = cap_bprm_secureexec,
>> .inode_need_killpriv = cap_inode_need_killpriv,
>> .inode_killpriv = cap_inode_killpriv,
>> .task_fix_setuid = cap_task_fix_setuid,
>> .task_prctl = cap_task_prctl,
>> .netlink_send = cap_netlink_send,
>> .netlink_recv = cap_netlink_recv,
>> };
>>
>
> I compared with
>
> static struct security_operations tomoyo_security_ops = {
> .name = "tomoyo",
> .cred_prepare = tomoyo_cred_prepare,
> .bprm_set_creds = tomoyo_bprm_set_creds,
> .bprm_check_security = tomoyo_bprm_check_security,
> #ifdef CONFIG_SYSCTL
> .sysctl = tomoyo_sysctl,
> #endif
> .file_fcntl = tomoyo_file_fcntl,
> .dentry_open = tomoyo_dentry_open,
> .path_truncate = tomoyo_path_truncate,
> .path_unlink = tomoyo_path_unlink,
> .path_mkdir = tomoyo_path_mkdir,
> .path_rmdir = tomoyo_path_rmdir,
> .path_symlink = tomoyo_path_symlink,
> .path_mknod = tomoyo_path_mknod,
> .path_link = tomoyo_path_link,
> .path_rename = tomoyo_path_rename,
> };
>
> and .bprm_set_creds is the only hook which TOMOYO overrides.
> All other hooks will be set to capability hooks by security_fixup_ops().
>
> By the way, is there any reason SMACK explicitly sets above capability hooks
> instead of letting security_fixup_ops() set above capability hooks?
>
No good reason at any rate. That is a clean-up task that I have not
gotten to.
> Regards.
> ----------------------------------------
> [PATCH 2.6.30] tomoyo: add missing call to cap_bprm_set_creds
>
> cap_bprm_set_creds() has to be called from security_bprm_set_creds().
> TOMOYO forgot to call cap_bprm_set_creds() from tomoyo_bprm_set_creds()
> and suid executables were not being working.
>
> Make sure we call cap_bprm_set_creds() with TOMOYO, to set credentials
> properly inside tomoyo_bprm_set_creds().
>
> Signed-off-by: Herton Ronaldo Krzesinski <[email protected]>
> Acked-by: Tetsuo Handa <[email protected]>
> ---
> security/tomoyo/tomoyo.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
> index 5b48191..e42be5c 100644
> --- a/security/tomoyo/tomoyo.c
> +++ b/security/tomoyo/tomoyo.c
> @@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const
> struct cred *old,
>
> static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
> {
> + int rc;
> +
> + rc = cap_bprm_set_creds(bprm);
> + if (rc)
> + return rc;
> +
> /*
> * Do only if this function is called for the first time of an execve
> * operation.
> --
> To unsubscribe from this list: send the line "unsubscribe
> linux-security-module" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
>
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
