From patchwork Fri May 13 16:31:10 2016
X-Patchwork-Submitter: Stephen Smalley
X-Patchwork-Id: 9092461
From: Stephen Smalley
To: selinux@tycho.nsa.gov
Cc: ben.shelton@ni.com, Stephen Smalley, 823184-forwarded@bugs.debian.org
Subject: [PATCH] Avoid mounting /proc outside of selinux_init_load_policy().
Date: Fri, 13 May 2016 12:31:10 -0400
Message-Id: <1463157070-31643-1-git-send-email-sds@tycho.nsa.gov>
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

Temporarily mounting /proc within selinuxfs_exists() can cause problems since it can be called by a libselinux constructor and therefore may be invoked by every program linked with libselinux. Since this was only motivated originally by a situation where selinuxfs_exists() was called from selinux_init_load_policy() before /proc was mounted, fix it in selinux_init_load_policy() instead.

This reverts commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf ("libselinux: only mount /proc if necessary") and commit 9df498884665d79474b79f0f30d1cd67df11bd3e ("libselinux: Mount procfs before checking /proc/filesystems").

Signed-off-by: Stephen Smalley --- libselinux/src/init.c | 27 +++------------------------ libselinux/src/load_policy.c | 15 ++++++++++----- 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/libselinux/src/init.c b/libselinux/src/init.c index 3530594..3c687a2 100644 --- a/libselinux/src/init.c +++ b/libselinux/src/init.c @@ -11,8 +11,6 @@ #include #include #include -#include -#include #include "dso.h" #include "policy.h" @@ -58,26 +56,15 @@ static int verify_selinuxmnt(const char *mnt) int selinuxfs_exists(void) { - int exists = 0, mnt_rc = -1, rc; - struct statfs sb; + int exists = 0; FILE *fp = NULL; char *buf = NULL; size_t len; ssize_t num; - do { - rc = statfs("/proc", &sb); - } while (rc < 0 && errno == EINTR); - - if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC)) - mnt_rc = mount("proc", "/proc", "proc", 0, 0); - fp = fopen("/proc/filesystems", "r"); - if (!fp) { - exists = 1; /* Fail as if it exists */ - goto out; - } - + if (!fp) + return 1; /* Fail as if it exists */ __fsetlocking(fp, FSETLOCKING_BYCALLER); num = getline(&buf, &len, fp); @@ -91,14 +78,6 @@ int selinuxfs_exists(void) free(buf); fclose(fp); - -out: -#ifndef MNT_DETACH -#define MNT_DETACH 2 -#endif - if (mnt_rc == 0) - umount2("/proc", MNT_DETACH); - return exists; } hidden_def(selinuxfs_exists) diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index 21ee58b..4f39fc7 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -17,6 +17,10 @@ #include "policy.h" #include +#ifndef MNT_DETACH +#define MNT_DETACH 2 +#endif + int security_load_policy(void *data, size_t len) { char path[PATH_MAX]; @@ -348,11 +352,6 @@ int selinux_init_load_policy(int *enforce) fclose(cfg); free(buf); } -#ifndef MNT_DETACH -#define MNT_DETACH 2 -#endif - if (rc == 0) - umount2("/proc", MNT_DETACH); /* * Determine the final desired mode. 
@@ -400,11 +399,17 @@ int selinux_init_load_policy(int *enforce) /* Only emit this error if selinux was not disabled */ fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno)); } + + if (rc == 0) + umount2("/proc", MNT_DETACH); goto noload; } set_selinuxmnt(mntpoint); + if (rc == 0) + umount2("/proc", MNT_DETACH); + /* * Note: The following code depends on having selinuxfs * already mounted and selinuxmnt set above.
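
Review bot: In libselinux/src/init.c, selinuxfs_exists(), the `if (!fp) return 1; /* Fail as if it exists */` path is now what every caller gets whenever /proc is not mounted, because the function no longer mounts it itself. The comment should say that a return of 1 can mean "could not check" rather than "selinuxfs is registered", and that a caller needing a real answer is responsible for having /proc mounted first. A short comment above the function to that effect would keep a future caller from treating the result as authoritative.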
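
Review bot: In libselinux/src/load_policy.c, hunk @@ -348,11 +352,6, removing `if (rc == 0) umount2("/proc", MNT_DETACH);` at this point keeps the temporary /proc mount alive through the "Determine the final desired mode" section and up to the selinuxfs mount. Any return or goto between here and the two unmount sites added in the following hunk would leave /proc mounted after selinux_init_load_policy() exits. That code is not in the diff context, so it is worth confirming no such exit exists, or routing every exit through a single cleanup label that performs the unmount.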
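
Review bot: In libselinux/src/load_policy.c, hunk @@ -400,11 +399,17, both added `if (rc == 0) umount2("/proc", MNT_DETACH);` checks depend on `rc` still holding the value that the removed check tested roughly fifty lines earlier. Any assignment to `rc` in between would silently skip the unmount or trigger it when /proc was not mounted by this function. A dedicated local set where /proc is mounted (for example a flag named `proc_mounted`, a name suggested here and not taken from the patch) would decouple the two sites from other uses of `rc`. The umount2() return value is also ignored at both sites; a comment saying that is intentional would help.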