[patch 3/7] BSD Secure Levels: allow suid and sgid on directories

This is the third in a series of seven patches to the BSD Secure
Levels LSM.  It allows setuid and setgid on directories.  It also
disallows the creation of setuid/setgid executables via open or mknod.
Thanks to Brad Spengler for the suggestion.

Signed off by: Michael Halcrow <[email protected]>

Index: linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c
===================================================================
--- linux-2.6.12-rc4-mm2-seclvl.orig/security/seclvl.c	2005-05-16 16:27:27.000000000 -0500
+++ linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c	2005-05-16 16:28:19.000000000 -0500
@@ -540,7 +540,11 @@
 static int seclvl_inode_setattr(struct dentry *dentry, struct iattr *iattr)
 {
 	if (seclvl > 0) {
-		if (iattr->ia_valid & ATTR_MODE)
+		if (dentry && dentry->d_inode
+		    && S_ISDIR(dentry->d_inode->i_mode)) {
+			return 0;
+		}
+		if (iattr && iattr->ia_valid & ATTR_MODE)
 			if (iattr->ia_mode & S_ISUID ||
 			    iattr->ia_mode & S_ISGID) {
 				seclvl_printk(1, KERN_WARNING "%s: Attempt to "
@@ -554,6 +558,36 @@
 }
 
 /**
+ * Prevent an end-run around the inode_setattr control.
+ */
+static int seclvl_inode_mknod(struct inode *inode, struct dentry *dentry,
+			      int mode, dev_t dev)
+{
+	if (seclvl > 0 && (mode & 02000 || mode & 04000)) {
+		seclvl_printk(1, KERN_WARNING "%s: Attempt to mknod with suid "
+			      "or guid bit set in seclvl [%d]\n", __FUNCTION__,
+			      seclvl);
+		return -EPERM;
+	}
+	return 0;
+}
+
+/**
+ * Prevent an end-run around the inode_setattr control.
+ */
+static int
+seclvl_inode_create(struct inode *inode, struct dentry *dentry, int mask)
+{
+	if (seclvl > 0 && (mask & 02000 || mask & 04000)) {
+		seclvl_printk(1, KERN_WARNING "%s: Attempt to "
+			      "create inode with suid or guid bit set in "
+			      "seclvl [%d]\n", __FUNCTION__, seclvl);
+		return -EPERM;
+	}
+	return 0;
+}
+
+/**
  * Release busied block devices.
  */
 static void seclvl_file_free_security(struct file *filp)
@@ -594,6 +628,8 @@
 	.capable = seclvl_capable,
 	.file_permission = seclvl_file_permission,
 	.inode_setattr = seclvl_inode_setattr,
+	.inode_mknod = seclvl_inode_mknod,
+	.inode_create = seclvl_inode_create,
 	.file_free_security = seclvl_file_free_security,
 	.settime = seclvl_settime,
 	.sb_umount = seclvl_umount,
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • [patch 1/7] BSD Secure Levels: printk overhaul
    • From: Michael Halcrow <[email protected]>

• Prev by Date: [patch 2/7] BSD Secure Levels: move bd claim from inode to filp
• Next by Date: [patch 4/7] BSD Secure Levels: memory alloc failure check
• Previous by thread: Re: [patch 2/7] BSD Secure Levels: move bd claim from inode to filp
• Next by thread: [patch 4/7] BSD Secure Levels: memory alloc failure check
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]