New setreuid() and setresuid() logic


From: Stanislav Ievlev <inger@linux.ru.net>
Subject: New setreuid() and setresuid() logic
Date: Tue, 17 Apr 2001 15:23:23 +0400




Hello All!

I propose a new logic for RSBAC in sys_setreuid() and sys_setresuid() to 
allow ruid=-1 and switching between real, effective and saved UIDs.

Patch attached.
--------------------
With best regards
Stanislav Ievlev
<inger@linux.ru.net>

Attachment: rsbac-setuid.patch

--- sys.c.orig	Tue Apr 17 15:04:41 2001
+++ sys.c	Tue Apr 17 14:45:26 2001
@@ -636,8 +636,17 @@
         union rsbac_attribute_value_t rsbac_attribute_value;
         #endif
 
+        
+	new_ruid = old_ruid = current->uid;
+	new_euid = old_euid = current->euid;
+	old_suid = current->suid;
+	
         /* RSBAC */
         #ifdef CONFIG_RSBAC
+	rsbac_res=!(((ruid != (uid_t) -1)&&(ruid!=old_ruid)&&(ruid!=old_euid))||
+		   ((ruid != (uid_t) -1)&&(euid!=old_euid)&&(euid!=old_ruid)&&(euid!=current->suid)));
+
+	if (!rsbac_res) {
         if (rsbac_debug_aef)
           printk(KERN_DEBUG "sys_setreuid(): calling ADF\n");
         rsbac_target_id.process = current->pid;
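
Review bot: the second clause of the added rsbac_res expression guards the euid comparisons with `ruid != (uid_t) -1`, which looks like a copy-paste slip for `euid != (uid_t) -1`. As written, a call with ruid = -1 makes both clauses false, so rsbac_res is 1 and the ADF call is skipped whatever euid is requested, while a call with euid = -1 and a permitted ruid normally still goes to ADF because (uid_t) -1 is compared against the old IDs. Suggest guarding the second clause on euid, and using old_suid there instead of current->suid, since the locals are initialised just above. The two added lines that contain only whitespace can also be dropped.
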
@@ -649,11 +658,9 @@
                                       rsbac_target_id,
                                       A_owner,
                                       rsbac_attribute_value);
+	}
         #endif
-        
-	new_ruid = old_ruid = current->uid;
-	new_euid = old_euid = current->euid;
-	old_suid = current->suid;
+
 
 	if (ruid != (uid_t) -1) {
 		new_ruid = ruid;
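
Review bot: the closing brace added before #endif is tab-indented while the ADF lines it encloses keep their old space indentation, so the new conditional is easy to miss; re-indent the enclosed block to match. Moving the initialisation also leaves a whitespace-only added line followed by an existing blank line, where one blank line is enough.
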
@@ -833,6 +840,11 @@
 
         /* RSBAC */
         #ifdef CONFIG_RSBAC
+	rsbac_res=!( ((ruid!=(uid_t) -1)&&(ruid!=current->uid)&&(ruid!=current->euid)&&(ruid!=current->suid))||
+	             ((euid!=(uid_t) -1)&&(euid!=current->uid)&&(euid!=current->euid)&&(euid!=current->suid))||
+		     ((suid!=(uid_t) -1)&&(suid!=current->uid)&&(suid!=current->euid)&&(suid!=current->suid))
+		    );
+	if (!rsbac_res) {
         if (rsbac_debug_aef)
           printk(KERN_DEBUG "sys_setresuid(): calling ADF\n");
         rsbac_target_id.process = current->pid;
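
Review bot: rsbac_res is assigned the negation of the "some requested ID is outside the current uid/euid/suid" test and is then negated again in `if (!rsbac_res)`; dropping both negations and using a flag whose name says the ADF must be consulted would make the condition readable. The three clauses are the same membership test repeated for ruid, euid and suid, so a small helper or macro would remove the copy-paste risk. A comment should also record that switching among the process's current real, effective and saved UIDs is intentionally not sent to the ADF, since such a switch then gets neither a decision nor the debug printk.
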
@@ -844,6 +856,7 @@
                                       rsbac_target_id,
                                       A_owner,
                                       rsbac_attribute_value);
+        }
         #endif
         
 	if (!capable(CAP_SETUID)) {
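
Review bot: the added closing brace is indented with spaces, while the `if (!rsbac_res) {` it closes was added with a tab and the corresponding brace in the sys_setreuid() hunk uses a tab; pick one style. Because the enclosed lines are not re-indented, a trailing comment on the brace naming the condition it closes would help readers of the #ifdef block.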
