Re: New setreuid() and setresuid() logic


From: Stanislav Ievlev <inger@linux.ru.net>
Subject: Re: New setreuid() and setresuid() logic
Date: Wed, 18 Apr 2001 14:45:37 +0400


Hello again!

Stanislav Ievlev wrote:

> Hello All!
> 
> I propose a new logic for RSBAC in sys_setreuid() and sys_setresuid()
> to allow ruid=-1 and switching between real, effective and saved UIDs.


OOppsss....
Bug in patch. We need only real uid checking.
---------------
Stanislav Ievlev
<inger@linux.ru.net>

Attachment: rsbac-setuid-2.patch

--- sys.c.orig	Tue Apr 17 15:04:41 2001
+++ sys.c	Wed Apr 18 14:13:34 2001
@@ -636,8 +636,15 @@
         union rsbac_attribute_value_t rsbac_attribute_value;
         #endif
 
+        
+	new_ruid = old_ruid = current->uid;
+	new_euid = old_euid = current->euid;
+	old_suid = current->suid;
+	
         /* RSBAC */
         #ifdef CONFIG_RSBAC
+	rsbac_res=!((ruid != (uid_t) -1)&&(ruid!=old_ruid)&&(ruid!=old_euid));
+	if (!rsbac_res) {
         if (rsbac_debug_aef)
           printk(KERN_DEBUG "sys_setreuid(): calling ADF\n");
         rsbac_target_id.process = current->pid;
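
Review bot: The added line "rsbac_res=!((ruid != (uid_t) -1)&&(ruid!=old_ruid)&&(ruid!=old_euid));" followed by "if (!rsbac_res) {" is a double negation that turns rsbac_res into a skip-the-ADF flag, which is hard to audit in an access-control path. Consider a separate flag without the negation (need_adf is a hypothetical name), for example "need_adf = (ruid != (uid_t) -1) && (ruid != old_ruid) && (ruid != old_euid);" and "if (need_adf) {", with a comment saying that the ADF is consulted only when the real uid is set to a value that is neither the current real nor the current effective uid. The existing lines that now sit inside the new block keep their old indentation and should be shifted one level.
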
@@ -649,11 +656,9 @@
                                       rsbac_target_id,
                                       A_owner,
                                       rsbac_attribute_value);
+	}
         #endif
-        
-	new_ruid = old_ruid = current->uid;
-	new_euid = old_euid = current->euid;
-	old_suid = current->suid;
+
 
 	if (ruid != (uid_t) -1) {
 		new_ruid = ruid;
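
Review bot: With the closing "}" placed directly after the call ending in "rsbac_attribute_value);", the skipped case leaves rsbac_res at the value 1 set by the new condition; the code that tests the result is not visible in this hunk, so if the call's result is also stored in rsbac_res, confirm that the later test treats 1 the same as a granted request. Separately, the added empty line that replaces the three moved assignments leaves two blank lines in a row before "if (ruid != (uid_t) -1) {" and can be dropped.
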
@@ -833,6 +838,8 @@
 
         /* RSBAC */
         #ifdef CONFIG_RSBAC
+	rsbac_res=!((ruid != (uid_t) -1)&&(ruid!=current->uid)&&(ruid!=current->euid)&&(ruid!=current->suid));
+	if (!rsbac_res) {
         if (rsbac_debug_aef)
           printk(KERN_DEBUG "sys_setresuid(): calling ADF\n");
         rsbac_target_id.process = current->pid;
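
Review bot: The condition added before "if (!rsbac_res) {" looks only at ruid, so a sys_setresuid() call that passes ruid as -1, or as the current uid, euid or suid, never reaches the ADF, whatever else the call changes. That matches "We need only real uid checking" in the message, but it should be stated in a comment above the condition so the scope of the check is explicit. The line is also well over 80 columns; one comparison per line would make the three current-> comparisons easier to read.
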
@@ -844,6 +851,7 @@
                                       rsbac_target_id,
                                       A_owner,
                                       rsbac_attribute_value);
+        }
         #endif
         
 	if (!capable(CAP_SETUID)) {
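
Review bot: The closing "}" in this hunk is indented with spaces, while the opening "if (!rsbac_res) {" in sys_setresuid() was added with a tab, and the lines between them are not re-indented, so the extent of the conditional block is easy to misread. Indent the pair consistently and shift the enclosed ADF call one level.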
