Commit 10b15f15 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman

Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5

into kroah.com:/home/greg/linux/BK/lsm-2.5
parents 679ab9a6 320aa7dc
......@@ -80,6 +80,7 @@
/* host controllers we manage */
LIST_HEAD (usb_bus_list);
EXPORT_SYMBOL (usb_bus_list);
/* used when allocating bus numbers */
#define USB_MAXBUS 64
......@@ -90,6 +91,7 @@ static struct usb_busmap busmap;
/* used when updating list of hcds */
DECLARE_MUTEX (usb_bus_list_lock); /* exported only for usbfs */
EXPORT_SYMBOL (usb_bus_list_lock);
/* used when updating hcd data */
static spinlock_t hcd_data_lock = SPIN_LOCK_UNLOCKED;
......
......@@ -23,6 +23,7 @@
#include <linux/pagevec.h>
#include <linux/quotaops.h>
#include <linux/dnotify.h>
#include <linux/security.h>
#include <asm/uaccess.h>
......
......@@ -22,5 +22,15 @@ config SECURITY_CAPABILITIES
This enables the "default" Linux capabilities functionality.
If you are unsure how to answer this question, answer Y.
config SECURITY_ROOTPLUG
tristate "Root Plug Support"
depends on SECURITY!=n
help
This is a sample LSM module that should only be used as such.
It enables control over processes being created by root users
if a specific USB device is not present in the system.
If you are unsure how to answer this question, answer N.
endmenu
......@@ -13,5 +13,6 @@ endif
# Object file lists
obj-$(CONFIG_SECURITY) += security.o dummy.o
obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o
obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
include $(TOPDIR)/Rules.make
This diff is collapsed.
......@@ -12,6 +12,8 @@
* (at your option) any later version.
*/
#undef DEBUG
#include <linux/config.h>
#include <linux/module.h>
#include <linux/kernel.h>
......@@ -19,6 +21,7 @@
#include <linux/skbuff.h>
#include <linux/netlink.h>
static int dummy_ptrace (struct task_struct *parent, struct task_struct *child)
{
return 0;
......@@ -122,55 +125,55 @@ static int dummy_sb_statfs (struct super_block *sb)
return 0;
}
static int dummy_mount (char *dev_name, struct nameidata *nd, char *type,
static int dummy_sb_mount (char *dev_name, struct nameidata *nd, char *type,
unsigned long flags, void *data)
{
return 0;
}
static int dummy_check_sb (struct vfsmount *mnt, struct nameidata *nd)
static int dummy_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
{
return 0;
}
static int dummy_umount (struct vfsmount *mnt, int flags)
static int dummy_sb_umount (struct vfsmount *mnt, int flags)
{
return 0;
}
static void dummy_umount_close (struct vfsmount *mnt)
static void dummy_sb_umount_close (struct vfsmount *mnt)
{
return;
}
static void dummy_umount_busy (struct vfsmount *mnt)
static void dummy_sb_umount_busy (struct vfsmount *mnt)
{
return;
}
static void dummy_post_remount (struct vfsmount *mnt, unsigned long flags,
static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
void *data)
{
return;
}
static void dummy_post_mountroot (void)
static void dummy_sb_post_mountroot (void)
{
return;
}
static void dummy_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
{
return;
}
static int dummy_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
{
return 0;
}
static void dummy_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
{
return;
}
......@@ -303,12 +306,12 @@ static int dummy_inode_getattr (struct vfsmount *mnt, struct dentry *dentry)
return 0;
}
static void dummy_post_lookup (struct inode *ino, struct dentry *d)
static void dummy_inode_post_lookup (struct inode *ino, struct dentry *d)
{
return;
}
static void dummy_delete (struct inode *ino)
static void dummy_inode_delete (struct inode *ino)
{
return;
}
......@@ -529,12 +532,12 @@ static void dummy_sem_free_security (struct sem_array *sma)
return;
}
static int dummy_register (const char *name, struct security_operations *ops)
static int dummy_register_security (const char *name, struct security_operations *ops)
{
return -EINVAL;
}
static int dummy_unregister (const char *name, struct security_operations *ops)
static int dummy_unregister_security (const char *name, struct security_operations *ops)
{
return -EINVAL;
}
......@@ -558,16 +561,16 @@ struct security_operations dummy_security_ops = {
.sb_alloc_security = dummy_sb_alloc_security,
.sb_free_security = dummy_sb_free_security,
.sb_statfs = dummy_sb_statfs,
.sb_mount = dummy_mount,
.sb_check_sb = dummy_check_sb,
.sb_umount = dummy_umount,
.sb_umount_close = dummy_umount_close,
.sb_umount_busy = dummy_umount_busy,
.sb_post_remount = dummy_post_remount,
.sb_post_mountroot = dummy_post_mountroot,
.sb_post_addmount = dummy_post_addmount,
.sb_pivotroot = dummy_pivotroot,
.sb_post_pivotroot = dummy_post_pivotroot,
.sb_mount = dummy_sb_mount,
.sb_check_sb = dummy_sb_check_sb,
.sb_umount = dummy_sb_umount,
.sb_umount_close = dummy_sb_umount_close,
.sb_umount_busy = dummy_sb_umount_busy,
.sb_post_remount = dummy_sb_post_remount,
.sb_post_mountroot = dummy_sb_post_mountroot,
.sb_post_addmount = dummy_sb_post_addmount,
.sb_pivotroot = dummy_sb_pivotroot,
.sb_post_pivotroot = dummy_sb_post_pivotroot,
.inode_alloc_security = dummy_inode_alloc_security,
.inode_free_security = dummy_inode_free_security,
......@@ -591,8 +594,8 @@ struct security_operations dummy_security_ops = {
.inode_permission_lite = dummy_inode_permission_lite,
.inode_setattr = dummy_inode_setattr,
.inode_getattr = dummy_inode_getattr,
.inode_post_lookup = dummy_post_lookup,
.inode_delete = dummy_delete,
.inode_post_lookup = dummy_inode_post_lookup,
.inode_delete = dummy_inode_delete,
.inode_setxattr = dummy_inode_setxattr,
.inode_getxattr = dummy_inode_getxattr,
.inode_listxattr = dummy_inode_listxattr,
......@@ -641,7 +644,113 @@ struct security_operations dummy_security_ops = {
.sem_alloc_security = dummy_sem_alloc_security,
.sem_free_security = dummy_sem_free_security,
.register_security = dummy_register,
.unregister_security = dummy_unregister,
.register_security = dummy_register_security,
.unregister_security = dummy_unregister_security,
};
#define set_to_dummy_if_null(ops, function) \
do { \
if (!ops->function) { \
ops->function = dummy_##function; \
pr_debug("Had to override the " #function \
" security operation with the dummy one.\n");\
} \
} while (0)
void security_fixup_ops (struct security_operations *ops)
{
set_to_dummy_if_null(ops, ptrace);
set_to_dummy_if_null(ops, capget);
set_to_dummy_if_null(ops, capset_check);
set_to_dummy_if_null(ops, capset_set);
set_to_dummy_if_null(ops, acct);
set_to_dummy_if_null(ops, capable);
set_to_dummy_if_null(ops, quotactl);
set_to_dummy_if_null(ops, quota_on);
set_to_dummy_if_null(ops, bprm_alloc_security);
set_to_dummy_if_null(ops, bprm_free_security);
set_to_dummy_if_null(ops, bprm_compute_creds);
set_to_dummy_if_null(ops, bprm_set_security);
set_to_dummy_if_null(ops, bprm_check_security);
set_to_dummy_if_null(ops, sb_alloc_security);
set_to_dummy_if_null(ops, sb_free_security);
set_to_dummy_if_null(ops, sb_statfs);
set_to_dummy_if_null(ops, sb_mount);
set_to_dummy_if_null(ops, sb_check_sb);
set_to_dummy_if_null(ops, sb_umount);
set_to_dummy_if_null(ops, sb_umount_close);
set_to_dummy_if_null(ops, sb_umount_busy);
set_to_dummy_if_null(ops, sb_post_remount);
set_to_dummy_if_null(ops, sb_post_mountroot);
set_to_dummy_if_null(ops, sb_post_addmount);
set_to_dummy_if_null(ops, sb_pivotroot);
set_to_dummy_if_null(ops, sb_post_pivotroot);
set_to_dummy_if_null(ops, inode_alloc_security);
set_to_dummy_if_null(ops, inode_free_security);
set_to_dummy_if_null(ops, inode_create);
set_to_dummy_if_null(ops, inode_post_create);
set_to_dummy_if_null(ops, inode_link);
set_to_dummy_if_null(ops, inode_post_link);
set_to_dummy_if_null(ops, inode_unlink);
set_to_dummy_if_null(ops, inode_symlink);
set_to_dummy_if_null(ops, inode_post_symlink);
set_to_dummy_if_null(ops, inode_mkdir);
set_to_dummy_if_null(ops, inode_post_mkdir);
set_to_dummy_if_null(ops, inode_rmdir);
set_to_dummy_if_null(ops, inode_mknod);
set_to_dummy_if_null(ops, inode_post_mknod);
set_to_dummy_if_null(ops, inode_rename);
set_to_dummy_if_null(ops, inode_post_rename);
set_to_dummy_if_null(ops, inode_readlink);
set_to_dummy_if_null(ops, inode_follow_link);
set_to_dummy_if_null(ops, inode_permission);
set_to_dummy_if_null(ops, inode_permission_lite);
set_to_dummy_if_null(ops, inode_setattr);
set_to_dummy_if_null(ops, inode_getattr);
set_to_dummy_if_null(ops, inode_post_lookup);
set_to_dummy_if_null(ops, inode_delete);
set_to_dummy_if_null(ops, inode_setxattr);
set_to_dummy_if_null(ops, inode_getxattr);
set_to_dummy_if_null(ops, inode_listxattr);
set_to_dummy_if_null(ops, inode_removexattr);
set_to_dummy_if_null(ops, file_permission);
set_to_dummy_if_null(ops, file_alloc_security);
set_to_dummy_if_null(ops, file_free_security);
set_to_dummy_if_null(ops, file_ioctl);
set_to_dummy_if_null(ops, file_mmap);
set_to_dummy_if_null(ops, file_mprotect);
set_to_dummy_if_null(ops, file_lock);
set_to_dummy_if_null(ops, file_fcntl);
set_to_dummy_if_null(ops, file_set_fowner);
set_to_dummy_if_null(ops, file_send_sigiotask);
set_to_dummy_if_null(ops, file_receive);
set_to_dummy_if_null(ops, task_create);
set_to_dummy_if_null(ops, task_alloc_security);
set_to_dummy_if_null(ops, task_free_security);
set_to_dummy_if_null(ops, task_setuid);
set_to_dummy_if_null(ops, task_post_setuid);
set_to_dummy_if_null(ops, task_setgid);
set_to_dummy_if_null(ops, task_setpgid);
set_to_dummy_if_null(ops, task_getpgid);
set_to_dummy_if_null(ops, task_getsid);
set_to_dummy_if_null(ops, task_setgroups);
set_to_dummy_if_null(ops, task_setnice);
set_to_dummy_if_null(ops, task_setrlimit);
set_to_dummy_if_null(ops, task_setscheduler);
set_to_dummy_if_null(ops, task_getscheduler);
set_to_dummy_if_null(ops, task_wait);
set_to_dummy_if_null(ops, task_kill);
set_to_dummy_if_null(ops, task_prctl);
set_to_dummy_if_null(ops, task_kmod_set_label);
set_to_dummy_if_null(ops, task_reparent_to_init);
set_to_dummy_if_null(ops, ipc_permission);
set_to_dummy_if_null(ops, msg_queue_alloc_security);
set_to_dummy_if_null(ops, msg_queue_free_security);
set_to_dummy_if_null(ops, shm_alloc_security);
set_to_dummy_if_null(ops, shm_free_security);
set_to_dummy_if_null(ops, sem_alloc_security);
set_to_dummy_if_null(ops, sem_free_security);
set_to_dummy_if_null(ops, register_security);
set_to_dummy_if_null(ops, unregister_security);
}
/*
* Root Plug sample LSM module
*
* Originally written for a Linux Journal.
*
* Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
*
* Prevents any programs running with egid == 0 if a specific USB device
* is not present in the system. Yes, it can be gotten around, but is a
* nice starting point for people to play with, and learn the LSM
* interface.
*
* If you want to turn this into something with a semblance of security,
* you need to hook the task_* functions also.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, version 2 of the
* License.
*/
#include <linux/config.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/security.h>
#include <linux/usb.h>
/* flag to keep track of how we were registered */
static int secondary;
/* default is a generic type of usb to serial converter */
static int vendor_id = 0x0557;
static int product_id = 0x2008;
MODULE_PARM(vendor_id, "h");
MODULE_PARM_DESC(vendor_id, "USB Vendor ID of device to look for");
MODULE_PARM(product_id, "h");
MODULE_PARM_DESC(product_id, "USB Product ID of device to look for");
/* should we print out debug messages */
static int debug = 0;
MODULE_PARM(debug, "i");
MODULE_PARM_DESC(debug, "Debug enabled or not");
#if defined(CONFIG_SECURITY_ROOTPLUG_MODULE)
#define MY_NAME THIS_MODULE->name
#else
#define MY_NAME "root_plug"
#endif
#define dbg(fmt, arg...) \
do { \
if (debug) \
printk(KERN_DEBUG "%s: %s: " fmt , \
MY_NAME , __FUNCTION__ , \
## arg); \
} while (0)
extern struct list_head usb_bus_list;
extern struct semaphore usb_bus_list_lock;
static int match_device (struct usb_device *dev)
{
int retval = -ENODEV;
int child;
dbg ("looking at vendor %d, product %d\n",
dev->descriptor.idVendor,
dev->descriptor.idProduct);
/* see if this device matches */
if ((dev->descriptor.idVendor == vendor_id) &&
(dev->descriptor.idProduct == product_id)) {
dbg ("found the device!\n");
retval = 0;
goto exit;
}
/* look through all of the children of this device */
for (child = 0; child < dev->maxchild; ++child) {
if (dev->children[child]) {
retval = match_device (dev->children[child]);
if (retval == 0)
goto exit;
}
}
exit:
return retval;
}
static int find_usb_device (void)
{
struct list_head *buslist;
struct usb_bus *bus;
int retval = -ENODEV;
down (&usb_bus_list_lock);
for (buslist = usb_bus_list.next;
buslist != &usb_bus_list;
buslist = buslist->next) {
bus = container_of (buslist, struct usb_bus, bus_list);
retval = match_device(bus->root_hub);
if (retval == 0)
goto exit;
}
exit:
up (&usb_bus_list_lock);
return retval;
}
static int rootplug_bprm_check_security (struct linux_binprm *bprm)
{
dbg ("file %s, e_uid = %d, e_gid = %d\n",
bprm->filename, bprm->e_uid, bprm->e_gid);
if (bprm->e_gid == 0) {
if (find_usb_device() != 0) {
dbg ("e_gid = 0, and device not found, "
"task not allowed to run...\n");
return -EPERM;
}
}
return 0;
}
static struct security_operations rootplug_security_ops = {
/* Use the capability functions for some of the hooks */
.ptrace = cap_ptrace,
.capget = cap_capget,
.capset_check = cap_capset_check,
.capset_set = cap_capset_set,
.capable = cap_capable,
.bprm_compute_creds = cap_bprm_compute_creds,
.bprm_set_security = cap_bprm_set_security,
.task_post_setuid = cap_task_post_setuid,
.task_kmod_set_label = cap_task_kmod_set_label,
.task_reparent_to_init = cap_task_reparent_to_init,
.bprm_check_security = rootplug_bprm_check_security,
};
static int __init rootplug_init (void)
{
/* register ourselves with the security framework */
if (register_security (&rootplug_security_ops)) {
printk (KERN_INFO
"Failure registering Root Plug module with the kernel\n");
/* try registering with primary module */
if (mod_reg_security (MY_NAME, &rootplug_security_ops)) {
printk (KERN_INFO "Failure registering Root Plug "
" module with primary security module.\n");
return -EINVAL;
}
secondary = 1;
}
printk (KERN_INFO "Root Plug module initialized, "
"vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);
return 0;
}
static void __exit rootplug_exit (void)
{
/* remove ourselves from the security framework */
if (secondary) {
if (mod_unreg_security (MY_NAME, &rootplug_security_ops))
printk (KERN_INFO "Failure unregistering Root Plug "
" module with primary module.\n");
} else {
if (unregister_security (&rootplug_security_ops)) {
printk (KERN_INFO "Failure unregistering Root Plug "
"module with the kernel\n");
}
}
printk (KERN_INFO "Root Plug module removed\n");
}
module_init (rootplug_init);
module_exit (rootplug_exit);
MODULE_DESCRIPTION("Root Plug sample LSM module, written for Linux Journal article");
MODULE_LICENSE("GPL");
......@@ -20,59 +20,21 @@
#define SECURITY_SCAFFOLD_VERSION "1.0.0"
extern struct security_operations dummy_security_ops; /* lives in dummy.c */
/* things that live in dummy.c */
extern struct security_operations dummy_security_ops;
extern void security_fixup_ops (struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */
/* This macro checks that all pointers in a struct are non-NULL. It
* can be fooled by struct padding for object tile alignment and when
* pointers to data and pointers to functions aren't the same size.
* Yes it's ugly, we'll replace it if it becomes a problem.
*/
#define VERIFY_STRUCT(struct_type, s, e) \
do { \
unsigned long * __start = (unsigned long *)(s); \
unsigned long * __end = __start + \
sizeof(struct_type)/sizeof(unsigned long *); \
while (__start != __end) { \
if (!*__start) { \
printk(KERN_INFO "%s is missing something\n",\
#struct_type); \
e++; \
break; \
} \
__start++; \
} \
} while (0)
static int inline verify (struct security_operations *ops)
static inline int verify (struct security_operations *ops)
{
int err;
/* verify the security_operations structure exists */
if (!ops) {
printk (KERN_INFO "Passed a NULL security_operations "
"pointer, %s failed.\n", __FUNCTION__);
return -EINVAL;
}
/* Perform a little sanity checking on our inputs */
err = 0;
/* This first check scans the whole security_ops struct for
* missing structs or functions.
*
* (There is no further check now, but will leave as is until
* the lazy registration stuff is done -- JM).
*/
VERIFY_STRUCT(struct security_operations, ops, err);
if (err) {
printk (KERN_INFO "Not enough functions specified in the "
"security_operation structure, %s failed.\n",
__FUNCTION__);
return -EINVAL;
}
security_fixup_ops (ops);
return 0;
}
......@@ -106,12 +68,12 @@ int security_scaffolding_startup (void)
*/
int register_security (struct security_operations *ops)
{
if (verify (ops)) {
printk (KERN_INFO "%s could not verify "
"security_operations structure.\n", __FUNCTION__);
return -EINVAL;
}
if (security_ops != &dummy_security_ops) {
printk (KERN_INFO "There is already a security "
"framework initialized, %s failed.\n", __FUNCTION__);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment