
lids 2.0.1pre4 for kernel 2.5.31-lsm1

From:  Huagang Xie <xie@www.lids.org>
To:  Chris Wright <chris@wirex.com>
Subject:  lids 2.0.1pre4 for kernel 2.5.31-lsm1
Date:  Thu, 15 Aug 2002 15:48:26 -0700 (PDT)
Cc:  LIDS Mailing List <lids-user@lists.sourceforge.net>, linux-security-module@wirex.com

Hi,

This version,
	1. Moves the ACL file open permission checking from
	   file_permission() to inode_permission().
	2. Fixes "major/minor" to "MAJOR/MINOR", which prevented LIDS
	   from compiling correctly.
	3. This only works with kernel 2.5.31 now.

Thanks,
Huagang	

-- 
LIDS secure linux kernel
http://www.lids.org/
1024D/B6EFB028 		4731 2BF7 7735 4DBD 3771  4E24 B53B B60A B6EF B028

diff -Nru security/lids_old/include/linux/lids.h security/lids/include/linux/lids.h
--- security/lids_old/include/linux/lids.h	Fri May  3 10:54:55 2002
+++ security/lids/include/linux/lids.h	Thu Aug 15 14:34:07 2002
@@ -18,7 +18,7 @@
 #define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
 #endif
 
-#define LIDS_VERSION	"2.0.1pre3"
+#define LIDS_VERSION	"2.0.1pre4"
 /* FIXME: some more externals in kernel/signal.c and kernel/sysctl.c */
 
 typedef struct
diff -Nru security/lids_old/lids_exec.c security/lids/lids_exec.c
--- security/lids_old/lids_exec.c	Thu Aug 15 14:05:38 2002
+++ security/lids/lids_exec.c	Thu Aug 15 14:34:07 2002
@@ -203,8 +203,8 @@
 #ifdef CONFIG_LIDS_NO_EXEC_UP
 			lids_security_alert("Attempt to exec unprotected program %s (dev %d:%d inode %ld) before sealing LIDS",
 					    bprm->filename,
-					    major(dentry->d_inode->i_dev),
-					    minor(dentry->d_inode->i_dev),
+					    MAJOR(dentry->d_inode->i_dev),
+					    MINOR(dentry->d_inode->i_dev),
 					    dentry->d_inode->i_ino);
 			if (dentry)
 				dput(dentry);
@@ -212,8 +212,8 @@
 #else
 			lids_security_alert("Exec'ed unprotected program %s (dev %d:%d inode %ld) before sealing LIDS",
 					    bprm->filename,
-					    major(dentry->d_inode->i_dev),
-					    minor(dentry->d_inode->i_dev),
+					    MAJOR(dentry->d_inode->i_dev),
+					    MINOR(dentry->d_inode->i_dev),
 					    dentry->d_inode->i_ino);
 #endif
 		}
diff -Nru security/lids_old/lids_lsm.c security/lids/lids_lsm.c
--- security/lids_old/lids_lsm.c	Thu Aug 15 14:05:38 2002
+++ security/lids/lids_lsm.c	Thu Aug 15 15:03:12 2002
@@ -463,18 +463,46 @@
 
 static int lids_inode_permission (struct inode *inode, int mask)
 {
-	if(lids_load && lids_local_load ) {
-		if(lids_check_hidden_inode(inode->i_ino, to_kdev_t(inode->i_dev))) {
-			if(lids_check_acl_inode(inode,LIDS_READONLY,0)) {
-                        	lids_security_alert("Attempt to read (dev %d:%d, ino %ld)",
-					MAJOR(inode->i_dev),
-					MINOR(inode->i_dev),
-					inode->i_ino);
-				return -EPERM;
+	struct 	list_head *head, *next, *tmp;
+	struct 	dentry *d;
+	int 	error = 0;
+
+	if(!(lids_load&&lids_local_load)) return 0; 
+	
+	spin_lock(&dcache_lock);
+	head = &inode->i_dentry;
+	next = inode->i_dentry.next;
+
+	while (next != head) {
+		tmp = next;
+		next = tmp->next;
+		d = list_entry(tmp, struct dentry, d_alias);
+
+       		if( (mask&MAY_APPEND)) {
+                	error = lids_check_base(d,LIDS_APPEND);
+			if(error) {
+                		lids_security_alert("Attempt to open %.1024s  appending",d->d_iname);
+              			error=-EPERM;
+			}
+		}
+        	else if( (mask&MAY_WRITE)){
+               		error = lids_check_base(d,LIDS_WRITE);
+			if(error) {
+                 		lids_security_alert("Attempt to open %.1024s for writing",d->d_iname);
+              			error=-EPERM;
 			}
 		}
+        	else if( (mask&MAY_EXEC)){
+			error = lids_check_base(d,LIDS_READONLY);
+			if(error) {
+                 		lids_security_alert("Attempt to for reading %.1024s",d->d_iname);
+				error = -ENOENT;
+			}
+			
+		}
 	}
-	return 0;
+	spin_unlock(&dcache_lock);
+	return error;
 }
 
 static int lids_inode_permission_lite (struct inode *inode, int mask)
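Review bot: In the new lids_inode_permission body, `error` is reassigned on every alias dentry in the while loop, so a denial recorded for one alias is overwritten with 0 when a later alias of the same inode passes lids_check_base, and the access is allowed even though the alert has already fired; add `if (error) break;` after the if/else chain inside the loop so the first denial is what gets returned. The removed body's hidden-inode path (lids_check_hidden_inode followed by lids_check_acl_inode with LIDS_READONLY, returning -EPERM on a read) has no counterpart in the new code, which does nothing for a mask with only MAY_READ set, so unless that check moved elsewhere, reads of hidden inodes are no longer denied in this hook. lids_security_alert is now invoked with dcache_lock held; if it can sleep or take a lock that nests the other way, record the message and emit it after spin_unlock. The MAY_EXEC branch also logs "Attempt to for reading" and returns -ENOENT for an exec check, which looks like a wording slip carried over from the old file hook; `lids_security_alert("Attempt to exec %.1024s",d->d_iname);` would describe what was actually denied.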
@@ -533,36 +561,7 @@
 
 static int lids_file_permission (struct file *file, int mask)
 {
-	int error = 0;
-
-	if(lids_load && lids_local_load ) {
-
-       		if( (mask&MAY_APPEND)) {
-          		if(mask & O_APPEND) {
-                		error = lids_check_base(file->f_dentry,LIDS_APPEND);
-			}
-			if(error) {
-                		lids_security_alert("Attempt to open %.1024s  appending,mask=%d",file->f_dentry->d_iname, mask);
-              			error=-EPERM;
-			}
-		}
-        	else if( (mask&MAY_WRITE)){
-               		error = lids_check_base(file->f_dentry,LIDS_WRITE);
-			if(error) {
-                 		lids_security_alert("Attempt to open %.1024s for writing,mask=%d",file->f_dentry->d_iname,mask);
-              			error=-EPERM;
-			}
-		}
-        	else if( (mask&MAY_EXEC)){
-			error = lids_check_base(file->f_dentry,LIDS_READONLY);
-			if(error) {
-                 		lids_security_alert("Attempt to for reading %.1024s ,mask=%d",file->f_dentry->d_iname, mask);
-				error = -ENOENT;
-				}
-			
-		}
-	}
-	return error;
+	return 0;
 }
 
 static int lids_file_alloc_security (struct file *file)

