Home Explore Help
Sign In
PUBLIC_REPOS
/
ti-processor-sdk-linux
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Smack: ptrace capability use fixes

[ Upstream commit dcb569cf6ac99ca899b8109c128b6ae52477a015 ]

This fixes a pair of problems in the Smack ptrace checks
related to checking capabilities. In both cases, as reported
by Lukasz Pawelczyk, the raw capability calls are used rather
than the Smack wrapper that check addition restrictions.
In one case, as reported by Jann Horn, the wrong task is being
checked for capabilities.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Casey Schaufler 7 years ago
parent
eb4a3faebf
commit
7a478552b5
1 changed files with 10 additions and 3 deletions
Unified View Show Diff Stats
  1. 10 3
      security/smack/smack_lsm.c

+ 10 - 3
security/smack/smack_lsm.c
View File 

@@ -421,6 +421,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
 
 	struct smk_audit_info ad, *saip = NULL;
 
 	struct smk_audit_info ad, *saip = NULL;
 
 	struct task_smack *tsp;
 
 	struct task_smack *tsp;
 
 	struct smack_known *tracer_known;
 
 	struct smack_known *tracer_known;
 
+	const struct cred *tracercred;
 
 
 
 	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
 
 	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
 
 		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
 
 		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
 
@@ -429,7 +430,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
 
 	}
 
 	}
 
 
 
 	rcu_read_lock();
 
 	rcu_read_lock();
 
-	tsp = __task_cred(tracer)->security;
 
+	tracercred = __task_cred(tracer);
 
+	tsp = tracercred->security;
 
 	tracer_known = smk_of_task(tsp);
 
 	tracer_known = smk_of_task(tsp);
 
 
 
 	if ((mode & PTRACE_MODE_ATTACH) &&
 
 	if ((mode & PTRACE_MODE_ATTACH) &&
 
@@ -439,7 +441,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
 
 			rc = 0;
 
 			rc = 0;
 
 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
 
 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
 
 			rc = -EACCES;
 
 			rc = -EACCES;
 
-		else if (capable(CAP_SYS_PTRACE))
 
+		else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
 
 			rc = 0;
 
 			rc = 0;
 
 		else
 
 		else
 
 			rc = -EACCES;
 
 			rc = -EACCES;
 
@@ -1841,6 +1843,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
 
 {
 
 {
 
 	struct smack_known *skp;
 
 	struct smack_known *skp;
 
 	struct smack_known *tkp = smk_of_task(tsk->cred->security);
 
 	struct smack_known *tkp = smk_of_task(tsk->cred->security);
 
+	const struct cred *tcred;
 
 	struct file *file;
 
 	struct file *file;
 
 	int rc;
 
 	int rc;
 
 	struct smk_audit_info ad;
 
 	struct smk_audit_info ad;
 
@@ -1854,8 +1857,12 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
 
 	skp = file->f_security;
 
 	skp = file->f_security;
 
 	rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
 
 	rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
 
 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
 
 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
 
-	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
 
+
 
+	rcu_read_lock();
 
+	tcred = __task_cred(tsk);
 
+	if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
 
 		rc = 0;
 
 		rc = 0;
 
+	rcu_read_unlock();
 
 
 
 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
 
 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
 
 	smk_ad_setfield_u_tsk(&ad, tsk);
 
 	smk_ad_setfield_u_tsk(&ad, tsk);