[PATCH] Default hooks protecting the XATTR_SECURITY_PREFIX namespace

From: Chris Wright <chrisw@osdl.org> Add default hooks for both the dummy and capability code to protect the XATTR_SECURITY_PREFIX namespace. These EAs were fully accessible to unauthorized users, so a user that rebooted from an SELinux kernel to a default kernel would leave those critical EAs unprotected. (Acked by Stephen Smalley)

[PATCH] Default hooks protecting the XATTR_SECURITY_PREFIX namespace
From: Chris Wright <chrisw@osdl.org> Add default hooks for both the dummy and capability code to protect the XATTR_SECURITY_PREFIX namespace. These EAs were fully accessible to unauthorized users, so a user that rebooted from an SELinux kernel to a default kernel would leave those critical EAs unprotected. (Acked by Stephen Smalley)
3ba6fffc · Andrew Morton · Linus Torvalds · 76ef5df3 · 3ba6fffc · 3ba6fffc
Commit 3ba6fffc authored Jan 20, 2004 by Andrew Morton Committed by Linus Torvalds Jan 20, 2004
Showing with 38 additions and 2 deletions

include/linux/security.h include/linux/security.h +4 -2

security/capability.c security/capability.c +3 -0

security/commoncap.c security/commoncap.c +22 -0

security/dummy.c security/dummy.c +9 -0

No files found.
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -46,6 +46,8 @@ extern void cap_capset_set (struct task_struct *target, kernel_cap_t *effective,
 extern int cap_bprm_set_security (struct linux_binprm *bprm);
 extern void cap_bprm_compute_creds (struct linux_binprm *bprm);
 extern int cap_bprm_secureexec(struct linux_binprm *bprm);
+extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags);
+extern int cap_inode_removexattr(struct dentry *dentry, char *name);
 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
 extern void cap_task_reparent_to_init (struct task_struct *p);
 extern int cap_syslog (int type);
@@ -2155,7 +2157,7 @@ static inline void security_inode_delete (struct inode *inode)
 static inline int security_inode_setxattr (struct dentry *dentry, char *name,
 					   void *value, size_t size, int flags)
 {
-	return 0;
+	return cap_inode_setxattr(dentry, name, value, size, flags);
 }

 static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
@@ -2174,7 +2176,7 @@ static inline int security_inode_listxattr (struct dentry *dentry)

 static inline int security_inode_removexattr (struct dentry *dentry, char *name)
 {
-	return 0;
+	return cap_inode_removexattr(dentry, name);
 }

 static inline int security_inode_getsecurity(struct dentry *dentry, const char *name, void *buffer, size_t size)

--- a/security/capability.c
+++ b/security/capability.c
@@ -39,6 +39,9 @@ static struct security_operations capability_ops = {
 	.bprm_set_security =		cap_bprm_set_security,
 	.bprm_secureexec =		cap_bprm_secureexec,

+	.inode_setxattr =		cap_inode_setxattr,
+	.inode_removexattr =		cap_inode_removexattr,
+
 	.task_post_setuid =		cap_task_post_setuid,
 	.task_reparent_to_init =	cap_task_reparent_to_init,


--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -21,6 +21,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 #include <linux/ptrace.h>
+#include <linux/xattr.h>

 int cap_capable (struct task_struct *tsk, int cap)
 {
@@ -171,6 +172,25 @@ int cap_bprm_secureexec (struct linux_binprm *bprm)
 		current->egid != current->gid);
 }

+int cap_inode_setxattr(struct dentry *dentry, char *name, void *value,
+		       size_t size, int flags)
+{
+	if (!strncmp(name, XATTR_SECURITY_PREFIX,
+		     sizeof(XATTR_SECURITY_PREFIX) - 1)  &&
+	    !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
+int cap_inode_removexattr(struct dentry *dentry, char *name)
+{
+	if (!strncmp(name, XATTR_SECURITY_PREFIX,
+		     sizeof(XATTR_SECURITY_PREFIX) - 1)  &&
+	    !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+	return 0;
+}
+
 /* moved from kernel/sys.c. */
 /* 
 * cap_emulate_setxuid() fixes the effective / permitted capabilities of
@@ -344,6 +364,8 @@ EXPORT_SYMBOL(cap_capset_set);
 EXPORT_SYMBOL(cap_bprm_set_security);
 EXPORT_SYMBOL(cap_bprm_compute_creds);
 EXPORT_SYMBOL(cap_bprm_secureexec);
+EXPORT_SYMBOL(cap_inode_setxattr);
+EXPORT_SYMBOL(cap_inode_removexattr);
 EXPORT_SYMBOL(cap_task_post_setuid);
 EXPORT_SYMBOL(cap_task_reparent_to_init);
 EXPORT_SYMBOL(cap_syslog);

--- a/security/dummy.c
+++ b/security/dummy.c
@@ -24,6 +24,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 #include <net/sock.h>
+#include <linux/xattr.h>

 static int dummy_ptrace (struct task_struct *parent, struct task_struct *child)
 {
@@ -387,6 +388,10 @@ static void dummy_inode_delete (struct inode *ino)
 static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value,
 				size_t size, int flags)
 {
+	if (!strncmp(name, XATTR_SECURITY_PREFIX,
+		     sizeof(XATTR_SECURITY_PREFIX) - 1) &&
+	    !capable(CAP_SYS_ADMIN))
+		return -EPERM;
 	return 0;
 }

@@ -407,6 +412,10 @@ static int dummy_inode_listxattr (struct dentry *dentry)

 static int dummy_inode_removexattr (struct dentry *dentry, char *name)
 {
+	if (!strncmp(name, XATTR_SECURITY_PREFIX,
+		     sizeof(XATTR_SECURITY_PREFIX) - 1) &&
+	    !capable(CAP_SYS_ADMIN))
+		return -EPERM;
 	return 0;
 }