AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-26 13:50:53 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
c727709092
linux_dsm_epyc7002/include
History
Eric Paris c727709092 security: shmem: implement kernel private shmem inodes 
We have a problem where the big_key key storage implementation uses a
shmem backed inode to hold the key contents.  Because of this detail of
implementation LSM checks are being done between processes trying to
read the keys and the tmpfs backed inode.  The LSM checks are already
being handled on the key interface level and should not be enforced at
the inode level (since the inode is an implementation detail, not a
part of the security model)

This patch implements a new function shmem_kernel_file_setup() which
returns the equivalent to shmem_file_setup() only the underlying inode
has S_PRIVATE set.  This means that all LSM checks for the inode in
question are skipped.  It should only be used for kernel internal
operations where the inode is not exposed to userspace without proper
LSM checking.  It is possible that some other users of
shmem_file_setup() should use the new interface, but this has not been
explored.

Reproducing this bug is a little bit difficult.  The steps I used on
Fedora are:

 (1) Turn off selinux enforcing:

	setenforce 0

 (2) Create a huge key

	k=`dd if=/dev/zero bs=8192 count=1 | keyctl padd big_key test-key @s`

 (3) Access the key in another context:

	runcon system_u:system_r:httpd_t:s0-s0:c0.c1023 keyctl print $k >/dev/null

 (4) Examine the audit logs:

	ausearch -m AVC -i --subject httpd_t | audit2allow

If the last command's output includes a line that looks like:

	allow httpd_t user_tmpfs_t:file { open read };

There was an inode check between httpd and the tmpfs filesystem.  With
this patch no such denial will be seen.  (NOTE! you should clear your
audit log if you have tested for this previously)

(Please return you box to enforcing)

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Hugh Dickins <hughd@google.com>
cc: linux-mm@kvack.org
2013-12-02 11:24:19 +00:00
..
acpi Merge branch 'acpica' 2013-11-27 01:03:27 +01:00
asm-generic Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-11-23 16:18:25 -08:00
clocksource
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-11-23 16:18:25 -08:00
drm Merge branch 'ttm-fixes-3.13' of git://people.freedesktop.org/~thomash/linux into drm-fixes 2013-11-21 18:46:56 +10:00
dt-bindings For the 3.13 merge window we have a couple of new drivers for the AMS 2013-11-15 16:37:40 -08:00
keys
kvm
linux security: shmem: implement kernel private shmem inodes 2013-12-02 11:24:19 +00:00
math-emu
media Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-11-18 15:50:07 -08:00
memory
misc
net genetlink: fix genl_set_err() group ID 2013-11-21 13:09:43 -05:00
pcmcia
ras
rdma Merge branches 'cma', 'cxgb4', 'flowsteer', 'ipoib', 'misc', 'mlx4', 'mlx5', 'nes', 'ocrdma', 'qib' and 'srp' into for-next 2013-11-17 08:22:19 -08:00
rxrpc
scsi Main batch of InfiniBand/RDMA changes for 3.13: 2013-11-18 15:36:04 -08:00
sound Merge remote-tracking branch 'asoc/topic/twl4030' into asoc-next 2013-11-08 10:43:40 +00:00
target target_core_alua: Store supported ALUA states 2013-11-20 11:26:37 -08:00
trace tracing: Allow events to have NULL strings 2013-11-26 10:34:46 -05:00
uapi Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux 2013-11-22 10:56:11 -08:00
video fbdev changes for 3.13 2013-11-14 14:44:20 +09:00
xen Features: 2013-11-15 13:34:37 +09:00
Kbuild