diff options
author | Micah Morton <mortonm@chromium.org> | 2019-01-22 23:42:09 +0100 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2019-01-25 20:22:43 +0100 |
commit | 40852275a94afb3e836be9248399e036982d1a79 (patch) | |
tree | 97db7b5d7dfae0ecd678b57bc861e60e949afe44 /kernel/capability.c | |
parent | tomoyo: Allow multiple use_group lines. (diff) | |
download | linux-40852275a94afb3e836be9248399e036982d1a79.tar.xz linux-40852275a94afb3e836be9248399e036982d1a79.zip |
LSM: add SafeSetID module that gates setid calls
This change ensures that the set*uid family of syscalls in kernel/sys.c
(setreuid, setuid, setresuid, setfsuid) all call ns_capable_common with
the CAP_OPT_INSETID flag, so capability checks in the security_capable
hook can know whether they are being called from within a set*uid
syscall. This change is a no-op by itself, but is needed for the
proposed SafeSetID LSM.
Signed-off-by: Micah Morton <mortonm@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'kernel/capability.c')
-rw-r--r-- | kernel/capability.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index cfbbcb68e11e..1444f3954d75 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -416,6 +416,25 @@ bool ns_capable_noaudit(struct user_namespace *ns, int cap) EXPORT_SYMBOL(ns_capable_noaudit); /** + * ns_capable_setid - Determine if the current task has a superior capability + * in effect, while signalling that this check is being done from within a + * setid syscall. + * @ns: The usernamespace we want the capability in + * @cap: The capability to be tested for + * + * Return true if the current task has the given superior capability currently + * available for use, false if not. + * + * This sets PF_SUPERPRIV on the task if the capability is available on the + * assumption that it's about to be used. + */ +bool ns_capable_setid(struct user_namespace *ns, int cap) +{ + return ns_capable_common(ns, cap, CAP_OPT_INSETID); +} +EXPORT_SYMBOL(ns_capable_setid); + +/** * capable - Determine if the current task has a superior capability in effect * @cap: The capability to be tested for * |