This patch,based on sample code by Roland McGrath, adds an execheap
permission check that controls the ability to make the heap executable
so that this can be prevented in almost all cases (the X server is
presently an exception, but this will hopefully be resolved in the future)
so that even programs with execmem permission will need to have the anonymous
memory mapped in order to make it executable.
The only reason that we use a permission check for such restriction
(vs. making it unconditional) is that the X module loader presently
needs it; it could possibly be made unconditional in the future when
X is changed.
The policy patch for the execheap permission is available at:
http://pearls.tuxedo-es.org/patches/selinux/policy-execheap.patch
Signed-off-by: Lorenzo Hernandez Garcia-Hierro <[email protected]>
---
security/selinux/hooks.c | 11 +++++++++++
security/selinux/include/av_perm_to_string.h | 1 +
security/selinux/include/av_permissions.h | 1 +
3 files changed, 13 insertions(+)
diff -puN security/selinux/hooks.c~selinux-kernel-execheap security/selinux/hooks.c
--- linux-2.6.11/security/selinux/hooks.c~selinux-kernel-execheap 2005-06-21 13:27:21.647102768 +0200
+++ linux-2.6.11-lorenzo/security/selinux/hooks.c 2005-06-21 13:27:21.862070088 +0200
@@ -2480,6 +2480,17 @@ static int selinux_file_mprotect(struct
prot = reqprot;
#ifndef CONFIG_PPC32
+ if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
+ (vma->vm_start >= vma->vm_mm->start_brk &&
+ vma->vm_end <= vma->vm_mm->brk)) {
+ /*
+ * We are making an executable mapping in the brk region.
+ * This has an additional execheap check.
+ */
+ rc = task_has_perm(current, current, PROCESS__EXECHEAP);
+ if (rc)
+ return rc;
+ }
if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
/*
* We are making executable a file mapping that has
diff -puN security/selinux/include/av_permissions.h~selinux-kernel-execheap security/selinux/include/av_permissions.h
--- linux-2.6.11/security/selinux/include/av_permissions.h~selinux-kernel-execheap 2005-06-21 13:27:21.649102464 +0200
+++ linux-2.6.11-lorenzo/security/selinux/include/av_permissions.h 2005-06-21 13:27:21.860070392 +0200
@@ -466,6 +466,7 @@
#define PROCESS__SETCURRENT 0x01000000UL
#define PROCESS__EXECMEM 0x02000000UL
#define PROCESS__EXECSTACK 0x04000000UL
+#define PROCESS__EXECHEAP 0x08000000UL
#define IPC__CREATE 0x00000001UL
#define IPC__DESTROY 0x00000002UL
diff -puN security/selinux/include/av_perm_to_string.h~selinux-kernel-execheap security/selinux/include/av_perm_to_string.h
--- linux-2.6.11/security/selinux/include/av_perm_to_string.h~selinux-kernel-execheap 2005-06-21 13:27:21.856071000 +0200
+++ linux-2.6.11-lorenzo/security/selinux/include/av_perm_to_string.h 2005-06-21 13:27:21.860070392 +0200
@@ -71,6 +71,7 @@
S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
+ S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
S_(SECCLASS_MSG, MSG__SEND, "send")
S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]