| Message ID | 309c3eb6dac783590b66e39e66d7f85f1ba66a20.1468394884.git.laurent.georget@supelec.fr (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 07/13/2016 03:32 AM, Laurent Georget wrote: > Signed-off-by: Laurent Georget <laurent.georget@supelec.fr> > > --- > include/linux/security.h | 16 ++++++++++++++++ > ipc/mqueue.c | 9 +++++++++ > 2 files changed, 25 insertions(+) > > diff --git a/include/linux/security.h b/include/linux/security.h > index c3e2109..8f4d5c5 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -338,6 +338,10 @@ int security_msg_queue_msgsnd(struct msg_queue *msq, > struct msg_msg *msg, int msqflg); > int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, > struct task_struct *target, long type, int mode); > +int security_mq_timedsend(struct file *mq, size_t msg_len, > + unsigned long msg_prio, struct timespec *ts); > +int security_mq_timedreceive(struct file *mq, size_t msg_len, > + struct timespec *ts); > int security_shm_alloc(struct shmid_kernel *shp); > void security_shm_free(struct shmid_kernel *shp); > int security_shm_associate(struct shmid_kernel *shp, int shmflg); > @@ -1018,6 +1022,18 @@ static inline int security_msg_queue_msgrcv(struct msg_queue *msq, > return 0; > } > > +static inline int security_mq_timedsend(struct file *mq, size_t msg_len, > + unsigned long msg_prio, > + struct timespec *ts) > +{ > + return 0; > +} > +static inline int security_mq_timedreceive(struct file *mq, size_t msg_len, > + struct timespec *ts) > +{ > + return 0; > +} > + Similarly, you need more than this in the CONFIG_SECURITY=y case if defining new hooks. > static inline int security_shm_alloc(struct shmid_kernel *shp) > { > return 0; > diff --git a/ipc/mqueue.c b/ipc/mqueue.c > index ade739f..da8ec3a 100644 > --- a/ipc/mqueue.c > +++ b/ipc/mqueue.c > @@ -1002,6 +1002,11 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr, > goto out_fput; > } > > + ret = security_mq_timedsend(f.file, msg_len, msg_prio, > + timeout ? &ts : NULL); > + if (ret) > + goto out_fput; > + > if (unlikely(msg_len > info->attr.mq_msgsize)) { > ret = -EMSGSIZE; > goto out_fput; > @@ -1118,6 +1123,10 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr, > goto out_fput; > } > > + ret = security_mq_timedreceive(f.file, msg_len, timeout ? &ts : NULL); > + if (ret) > + goto out_fput; > + > /* checks if buffer is big enough */ > if (unlikely(msg_len < info->attr.mq_msgsize)) { > ret = -EMSGSIZE; > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 07/21/2016 09:36 AM, Stephen Smalley wrote: > On 07/13/2016 03:32 AM, Laurent Georget wrote: >> Signed-off-by: Laurent Georget <laurent.georget@supelec.fr> >> >> --- >> include/linux/security.h | 16 ++++++++++++++++ >> ipc/mqueue.c | 9 +++++++++ >> 2 files changed, 25 insertions(+) >> >> diff --git a/include/linux/security.h b/include/linux/security.h >> index c3e2109..8f4d5c5 100644 >> --- a/include/linux/security.h >> +++ b/include/linux/security.h >> @@ -338,6 +338,10 @@ int security_msg_queue_msgsnd(struct msg_queue *msq, >> struct msg_msg *msg, int msqflg); >> int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, >> struct task_struct *target, long type, int mode); >> +int security_mq_timedsend(struct file *mq, size_t msg_len, >> + unsigned long msg_prio, struct timespec *ts); >> +int security_mq_timedreceive(struct file *mq, size_t msg_len, >> + struct timespec *ts); >> int security_shm_alloc(struct shmid_kernel *shp); >> void security_shm_free(struct shmid_kernel *shp); >> int security_shm_associate(struct shmid_kernel *shp, int shmflg); >> @@ -1018,6 +1022,18 @@ static inline int security_msg_queue_msgrcv(struct msg_queue *msq, >> return 0; >> } >> >> +static inline int security_mq_timedsend(struct file *mq, size_t msg_len, >> + unsigned long msg_prio, >> + struct timespec *ts) >> +{ >> + return 0; >> +} >> +static inline int security_mq_timedreceive(struct file *mq, size_t msg_len, >> + struct timespec *ts) >> +{ >> + return 0; >> +} >> + > > Similarly, you need more than this in the CONFIG_SECURITY=y case if > defining new hooks. > >> static inline int security_shm_alloc(struct shmid_kernel *shp) >> { >> return 0; >> diff --git a/ipc/mqueue.c b/ipc/mqueue.c >> index ade739f..da8ec3a 100644 >> --- a/ipc/mqueue.c >> +++ b/ipc/mqueue.c >> @@ -1002,6 +1002,11 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr, >> goto out_fput; >> } >> >> + ret = security_mq_timedsend(f.file, msg_len, msg_prio, >> + timeout ? &ts : NULL); I see no potential use of the msg_len, msg_prio, or ts arguments, so just drop those. At that point, is this hook any different than security_file_permission(f.file, MAY_WRITE)? >> + if (ret) >> + goto out_fput; >> + >> if (unlikely(msg_len > info->attr.mq_msgsize)) { >> ret = -EMSGSIZE; >> goto out_fput; >> @@ -1118,6 +1123,10 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr, >> goto out_fput; >> } >> >> + ret = security_mq_timedreceive(f.file, msg_len, timeout ? &ts : NULL); >> + if (ret) >> + goto out_fput; Likewise, could this be as simple as security_file_permission(f.file, MAY_READ)? >> + >> /* checks if buffer is big enough */ >> if (unlikely(msg_len < info->attr.mq_msgsize)) { >> ret = -EMSGSIZE; >> > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/linux/security.h b/include/linux/security.h index c3e2109..8f4d5c5 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -338,6 +338,10 @@ int security_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg); int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, struct task_struct *target, long type, int mode); +int security_mq_timedsend(struct file *mq, size_t msg_len, + unsigned long msg_prio, struct timespec *ts); +int security_mq_timedreceive(struct file *mq, size_t msg_len, + struct timespec *ts); int security_shm_alloc(struct shmid_kernel *shp); void security_shm_free(struct shmid_kernel *shp); int security_shm_associate(struct shmid_kernel *shp, int shmflg); @@ -1018,6 +1022,18 @@ static inline int security_msg_queue_msgrcv(struct msg_queue *msq, return 0; } +static inline int security_mq_timedsend(struct file *mq, size_t msg_len, + unsigned long msg_prio, + struct timespec *ts) +{ + return 0; +} +static inline int security_mq_timedreceive(struct file *mq, size_t msg_len, + struct timespec *ts) +{ + return 0; +} + static inline int security_shm_alloc(struct shmid_kernel *shp) { return 0; diff --git a/ipc/mqueue.c b/ipc/mqueue.c index ade739f..da8ec3a 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -1002,6 +1002,11 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr, goto out_fput; } + ret = security_mq_timedsend(f.file, msg_len, msg_prio, + timeout ? &ts : NULL); + if (ret) + goto out_fput; + if (unlikely(msg_len > info->attr.mq_msgsize)) { ret = -EMSGSIZE; goto out_fput; @@ -1118,6 +1123,10 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr, goto out_fput; } + ret = security_mq_timedreceive(f.file, msg_len, timeout ? &ts : NULL); + if (ret) + goto out_fput; + /* checks if buffer is big enough */ if (unlikely(msg_len < info->attr.mq_msgsize)) { ret = -EMSGSIZE;
Signed-off-by: Laurent Georget <laurent.georget@supelec.fr> --- include/linux/security.h | 16 ++++++++++++++++ ipc/mqueue.c | 9 +++++++++ 2 files changed, 25 insertions(+)