From: Stanislav Ievlev <inger@linux.ru.net>
Subject: New setreuid() and setresuid() logic
Date: Tue, 17 Apr 2001 15:23:23 +0400
Next Article (by Author): AVC in RSBAC Stanislav Ievlev
Previous Article (by Author): Re: rsbac-v1.1.2-pre2 uploaded Stanislav Ievlev
Next in Thread: Re: New setreuid() and setresuid() logic Stanislav Ievlev
Hello All!

I propose a new logic for RSBAC in sys_setreuid() and sys_setresuid() to allow ruid=-1 and switching between real, effective and saved UIDs. Patch is attached.

--------------------
With best regards
Stanislav Ievlev <inger@linux.ru.net>

Attachment: rsbac-setuid.patch

--- sys.c.orig Tue Apr 17 15:04:41 2001 +++ sys.c Tue Apr 17 14:45:26 2001 @@ -636,8 +636,17 @@ union rsbac_attribute_value_t rsbac_attribute_value; #endif + + new_ruid = old_ruid = current->uid; + new_euid = old_euid = current->euid; + old_suid = current->suid; + /* RSBAC */ #ifdef CONFIG_RSBAC + rsbac_res=!(((ruid != (uid_t) -1)&&(ruid!=old_ruid)&&(ruid!=old_euid))|| + ((ruid != (uid_t) -1)&&(euid!=old_euid)&&(euid!=old_ruid)&&(euid!=current->suid))); + + if (!rsbac_res) { if (rsbac_debug_aef) printk(KERN_DEBUG "sys_setreuid(): calling ADF\n"); rsbac_target_id.process = current->pid; @@ -649,11 +658,9 @@ rsbac_target_id, A_owner, rsbac_attribute_value); + } #endif - - new_ruid = old_ruid = current->uid; - new_euid = old_euid = current->euid; - old_suid = current->suid; + if (ruid != (uid_t) -1) { new_ruid = ruid; @@ -833,6 +840,11 @@ /* RSBAC */ #ifdef CONFIG_RSBAC + rsbac_res=!( ((ruid!=(uid_t) -1)&&(ruid!=current->uid)&&(ruid!=current->euid)&&(ruid!=current->suid))|| + ((euid!=(uid_t) -1)&&(euid!=current->uid)&&(euid!=current->euid)&&(euid!=current->suid))|| + ((suid!=(uid_t) -1)&&(suid!=current->uid)&&(suid!=current->euid)&&(suid!=current->suid)) + ); + if (!rsbac_res) { if (rsbac_debug_aef) printk(KERN_DEBUG "sys_setresuid(): calling ADF\n"); rsbac_target_id.process = current->pid; 
@@ -844,6 +856,7 @@ rsbac_target_id, A_owner, rsbac_attribute_value); + } #endif if (!capable(CAP_SETUID)) {
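
Review bot: In the sys_setreuid() hunk at @@ -636, the second clause of the rsbac_res expression guards the euid comparisons with (ruid != (uid_t) -1), whereas the corresponding clause in the sys_setresuid() hunk tests (euid != (uid_t) -1). As written, a call with ruid == -1 makes both clauses false, so rsbac_res is 1 and the ADF request is skipped whatever euid is requested. In the other direction, a call with euid == -1 and ruid equal to the current real uid makes the second clause true and reaches the ADF although no requested id differs from the current ones. The guard on the second clause should read (euid != (uid_t) -1). The same expression also reads current->suid although old_suid is assigned a few lines above it; using old_suid would keep it consistent with old_ruid and old_euid.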
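
Review bot: The three-clause condition added to sys_setresuid() at @@ -833 has no comment saying what it decides, and it stores a "skip the ADF" flag in rsbac_res through a negation that is negated again in if (!rsbac_res). A short comment stating the rule (call the ADF only when a requested id is neither -1 nor one of the current real, effective or saved uids) and a dedicated flag name would make the check reviewable. Because the ADF is no longer consulted on the skipped path, switches among the three current uids, including a return to the saved uid, bypass the RSBAC decision entirely; that consequence belongs in the comment or the patch description as well.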