From patchwork Fri Feb 17 18:24:15 2017
X-Patchwork-Submitter: Stephen Smalley
X-Patchwork-Id: 9580495
From: Stephen Smalley To: viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Stephen Smalley Subject: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks Date: Fri, 17 Feb 2017 13:24:15 -0500 Message-Id: <1487355855-3508-1-git-send-email-sds@tycho.nsa.gov> X-Mailer: git-send-email 2.7.4 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP generic_permission() presently checks CAP_DAC_OVERRIDE prior to CAP_DAC_READ_SEARCH. This can cause misleading audit messages when using a LSM such as SELinux or AppArmor, since CAP_DAC_OVERRIDE may not be required for the operation. Flip the order of the tests so that CAP_DAC_OVERRIDE is only checked when required for the operation. Signed-off-by: Stephen Smalley --- fs/namei.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index ad74877..8736e4a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -340,22 +340,14 @@ int generic_permission(struct inode *inode, int mask) if (S_ISDIR(inode->i_mode)) { /* DACs are overridable for directories */ - if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) - return 0; if (!(mask & MAY_WRITE)) if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) return 0; - return -EACCES; - } - /* - * Read/write DACs are always overridable. - * Executable DACs are overridable when there is - * at least one exec bit set. - */ - if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) return 0; + return -EACCES; + } /* * Searching includes executable on directories, else just read. 
@@ -364,6 +356,14 @@ int generic_permission(struct inode *inode, int mask) if (mask == MAY_READ) if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) return 0; + /* + * Read/write DACs are always overridable. + * Executable DACs are overridable when there is + * at least one exec bit set. + */ + if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) + return 0; return -EACCES; }
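Review bot: In the directory branch of the first hunk (@@ -340,22 +340,14 @@), the comment `/* DACs are overridable for directories */` now sits directly above the CAP_DAC_READ_SEARCH test rather than the CAP_DAC_OVERRIDE test it described; move it down with the override check or reword it to cover both tests. The commit message should also mention the other side of the reordering: for a directory access without MAY_WRITE, a task that holds CAP_DAC_OVERRIDE but not CAP_DAC_READ_SEARCH now has the CAP_DAC_READ_SEARCH check fail first and only then succeeds on the override check, so for such tasks the unneeded capability check is swapped, not removed.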
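Review bot: In the second hunk (@@ -364,6 +356,14 @@), the relocated `if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))` test now runs after the lines that lie between the two hunks, which this diff does not show, whereas it previously ran before them; please confirm that nothing in those lines changes the MAY_EXEC bit of mask, or note it in the commit message. Since the ordering is now deliberate, a one-line comment above the `if (mask == MAY_READ)` test saying that CAP_DAC_READ_SEARCH is tried first so that CAP_DAC_OVERRIDE is only checked when required would keep a later cleanup from flipping the order back.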