Commit 7c9bf63f authored by Stephen D. Smalley's avatar Stephen D. Smalley Committed by Greg Kroah-Hartman

[PATCH] LSM: Add LSM syslog hook to 2.5.59

This patch adds the LSM security_syslog hook for controlling the
syslog(2) interface relative to 2.5.59 plus the previously posted
security_sysctl patch.  In response to earlier comments by Christoph,
the existing capability check for syslog(2) is moved into the
capability security module hook function, and a corresponding dummy
security module hook function is defined that provides traditional
superuser behavior.  The LSM hook is placed in do_syslog rather than
sys_syslog so that it is called when either the system call interface
or the /proc/kmsg interface is used.  SELinux uses this hook to
control access to the kernel message ring and to the console log
level.
parent c1b447c2
...@@ -47,6 +47,7 @@ extern void cap_bprm_compute_creds (struct linux_binprm *bprm); ...@@ -47,6 +47,7 @@ extern void cap_bprm_compute_creds (struct linux_binprm *bprm);
extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
extern void cap_task_kmod_set_label (void); extern void cap_task_kmod_set_label (void);
extern void cap_task_reparent_to_init (struct task_struct *p); extern void cap_task_reparent_to_init (struct task_struct *p);
extern int cap_syslog (int type);
/* /*
* Values used in the task_security_ops calls * Values used in the task_security_ops calls
...@@ -778,6 +779,12 @@ struct swap_info_struct; ...@@ -778,6 +779,12 @@ struct swap_info_struct;
* @tsk contains the task_struct for the process. * @tsk contains the task_struct for the process.
* @cap contains the capability <include/linux/capability.h>. * @cap contains the capability <include/linux/capability.h>.
* Return 0 if the capability is granted for @tsk. * Return 0 if the capability is granted for @tsk.
* @syslog:
* Check permission before accessing the kernel message ring or changing
* logging to the console.
* See the syslog(2) manual page for an explanation of the @type values.
* @type contains the type of action.
* Return 0 if permission is granted.
* *
* @register_security: * @register_security:
* allow module stacking. * allow module stacking.
...@@ -808,6 +815,7 @@ struct security_operations { ...@@ -808,6 +815,7 @@ struct security_operations {
int (*capable) (struct task_struct * tsk, int cap); int (*capable) (struct task_struct * tsk, int cap);
int (*quotactl) (int cmds, int type, int id, struct super_block * sb); int (*quotactl) (int cmds, int type, int id, struct super_block * sb);
int (*quota_on) (struct file * f); int (*quota_on) (struct file * f);
int (*syslog) (int type);
int (*bprm_alloc_security) (struct linux_binprm * bprm); int (*bprm_alloc_security) (struct linux_binprm * bprm);
void (*bprm_free_security) (struct linux_binprm * bprm); void (*bprm_free_security) (struct linux_binprm * bprm);
...@@ -1013,6 +1021,11 @@ static inline int security_quota_on (struct file * file) ...@@ -1013,6 +1021,11 @@ static inline int security_quota_on (struct file * file)
return security_ops->quota_on (file); return security_ops->quota_on (file);
} }
static inline int security_syslog(int type)
{
return security_ops->syslog(type);
}
static inline int security_bprm_alloc (struct linux_binprm *bprm) static inline int security_bprm_alloc (struct linux_binprm *bprm)
{ {
return security_ops->bprm_alloc_security (bprm); return security_ops->bprm_alloc_security (bprm);
...@@ -1627,6 +1640,11 @@ static inline int security_quota_on (struct file * file) ...@@ -1627,6 +1640,11 @@ static inline int security_quota_on (struct file * file)
return 0; return 0;
} }
static inline int security_syslog(int type)
{
return cap_syslog(type);
}
static inline int security_bprm_alloc (struct linux_binprm *bprm) static inline int security_bprm_alloc (struct linux_binprm *bprm)
{ {
return 0; return 0;
......
...@@ -28,6 +28,7 @@ ...@@ -28,6 +28,7 @@
#include <linux/config.h> #include <linux/config.h>
#include <linux/delay.h> #include <linux/delay.h>
#include <linux/smp.h> #include <linux/smp.h>
#include <linux/security.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
...@@ -161,6 +162,10 @@ int do_syslog(int type, char * buf, int len) ...@@ -161,6 +162,10 @@ int do_syslog(int type, char * buf, int len)
char c; char c;
int error = 0; int error = 0;
error = security_syslog(type);
if (error)
return error;
switch (type) { switch (type) {
case 0: /* Close log */ case 0: /* Close log */
break; break;
...@@ -273,8 +278,6 @@ int do_syslog(int type, char * buf, int len) ...@@ -273,8 +278,6 @@ int do_syslog(int type, char * buf, int len)
asmlinkage long sys_syslog(int type, char * buf, int len) asmlinkage long sys_syslog(int type, char * buf, int len)
{ {
if ((type != 3) && !capable(CAP_SYS_ADMIN))
return -EPERM;
return do_syslog(type, buf, len); return do_syslog(type, buf, len);
} }
......
...@@ -262,6 +262,13 @@ void cap_task_reparent_to_init (struct task_struct *p) ...@@ -262,6 +262,13 @@ void cap_task_reparent_to_init (struct task_struct *p)
return; return;
} }
int cap_syslog (int type)
{
if ((type != 3) && !capable(CAP_SYS_ADMIN))
return -EPERM;
return 0;
}
EXPORT_SYMBOL(cap_capable); EXPORT_SYMBOL(cap_capable);
EXPORT_SYMBOL(cap_ptrace); EXPORT_SYMBOL(cap_ptrace);
EXPORT_SYMBOL(cap_capget); EXPORT_SYMBOL(cap_capget);
...@@ -272,6 +279,7 @@ EXPORT_SYMBOL(cap_bprm_compute_creds); ...@@ -272,6 +279,7 @@ EXPORT_SYMBOL(cap_bprm_compute_creds);
EXPORT_SYMBOL(cap_task_post_setuid); EXPORT_SYMBOL(cap_task_post_setuid);
EXPORT_SYMBOL(cap_task_kmod_set_label); EXPORT_SYMBOL(cap_task_kmod_set_label);
EXPORT_SYMBOL(cap_task_reparent_to_init); EXPORT_SYMBOL(cap_task_reparent_to_init);
EXPORT_SYMBOL(cap_syslog);
#ifdef CONFIG_SECURITY #ifdef CONFIG_SECURITY
...@@ -289,6 +297,8 @@ static struct security_operations capability_ops = { ...@@ -289,6 +297,8 @@ static struct security_operations capability_ops = {
.task_post_setuid = cap_task_post_setuid, .task_post_setuid = cap_task_post_setuid,
.task_kmod_set_label = cap_task_kmod_set_label, .task_kmod_set_label = cap_task_kmod_set_label,
.task_reparent_to_init = cap_task_reparent_to_init, .task_reparent_to_init = cap_task_reparent_to_init,
.syslog = cap_syslog,
}; };
#if defined(CONFIG_SECURITY_CAPABILITIES_MODULE) #if defined(CONFIG_SECURITY_CAPABILITIES_MODULE)
......
...@@ -90,6 +90,13 @@ static int dummy_quota_on (struct file *f) ...@@ -90,6 +90,13 @@ static int dummy_quota_on (struct file *f)
return 0; return 0;
} }
static int dummy_syslog (int type)
{
if ((type != 3) && current->euid)
return -EPERM;
return 0;
}
static int dummy_bprm_alloc_security (struct linux_binprm *bprm) static int dummy_bprm_alloc_security (struct linux_binprm *bprm)
{ {
return 0; return 0;
...@@ -640,6 +647,7 @@ void security_fixup_ops (struct security_operations *ops) ...@@ -640,6 +647,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, quotactl); set_to_dummy_if_null(ops, quotactl);
set_to_dummy_if_null(ops, quota_on); set_to_dummy_if_null(ops, quota_on);
set_to_dummy_if_null(ops, sysctl); set_to_dummy_if_null(ops, sysctl);
set_to_dummy_if_null(ops, syslog);
set_to_dummy_if_null(ops, bprm_alloc_security); set_to_dummy_if_null(ops, bprm_alloc_security);
set_to_dummy_if_null(ops, bprm_free_security); set_to_dummy_if_null(ops, bprm_free_security);
set_to_dummy_if_null(ops, bprm_compute_creds); set_to_dummy_if_null(ops, bprm_compute_creds);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment