lids-1.1.1r2-2.4.18.patch

关于LINUX安全内核的源代码

 static struct linux_binfmt *formats;
 static rwlock_t binfmt_lock = RW_LOCK_UNLOCKED;
 
@@ -859,6 +863,10 @@
 	struct file *file;
 	int retval;
 	int i;
+#ifdef CONFIG_LIDS
+	struct dentry *dentry;
+	char **lidsenvp=envp;
+#endif
 
 	file = open_exec(filename);
 
@@ -866,6 +874,11 @@
 	if (IS_ERR(file))
 		return retval;
 
+#ifdef CONFIG_LIDS
+	LIDS_DBG("##### pid %i exec [%s]\n",current->pid,filename);
+	dentry = file->f_dentry;
+#endif
+
 	bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
 	memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0])); 
 
@@ -903,11 +916,118 @@
 	if (retval < 0) 
 		goto out; 
 
+
+#ifdef CONFIG_LIDS
+	/* check if this program is protected or not */
+	if (lids_check_base(dentry,LIDS_APPEND)) {
+		/* if it is protected, set the ACLs */
+		struct lids_task_acl current_acl,computed_acl;
+		struct lids_sys_acl *new_sys_acl;
+		
+		lids_get_task_acl(&current_acl, current);
+		new_sys_acl = lids_search_acl(dentry->d_inode->i_ino,dentry->d_inode->i_dev,lids_current);
+		if (lids_compute_acls(&current_acl,new_sys_acl,&computed_acl) < 0) {
+			dput(dentry);
+			return -EPERM;
+		}
+
+		if (lidsenvp 
+		    && ( computed_acl.lids_sys_acl->lids_acl 
+			 || computed_acl.lids_sys_acl->lids_domain
+			 || computed_acl.lids_sys_acl->flags ) 
+		    &&  (!capable2(CAP_SYS_PTRACE)) ) {
+			char *env;
+			char e;
+			for (;;) {
+				if (get_user(env, lidsenvp++)) {
+					LIDS_DBG("EFAULT !?\n");
+					retval=-EFAULT;
+					goto out;
+				}
+				if (!env)
+					break;
+				if ( (!get_user(e, env)) && (e == 'L')
+				     && (!get_user(e, env+1)) && (e == 'D')
+				     && (!get_user(e, env+2)) && (e == '_') ) {
+					char str[128]="{not found}";
+
+					copy_from_user(str, env, 128);
+					lids_security_alert("Attempt to give [%.128s] to privilegied program %.128s (dev %d:%d inode %ld)",
+							    env,
+							    filename,
+							    MAJOR(dentry->d_inode->i_dev),
+							    MINOR(dentry->d_inode->i_dev),
+							    dentry->d_inode->i_ino);
+					lids_free_lids_task_acl(&computed_acl); 
+					lids_init_task_acl(&computed_acl); /* clear the just-freed struct */
+				}
+			}
+		}
+		lids_set_task_acl(&computed_acl,current);
+		lids_free_lids_task_acl(&current_acl);
+	} else {			
+#ifdef CONFIG_LIDS_SA_EXEC_UP
+		if (lids_first_time && lids_load) {
+#ifdef CONFIG_LIDS_NO_EXEC_UP
+			lids_security_alert("Attempt to exec unprotected program %s (dev %d:%d inode %ld) before sealing LIDS",
+					    filename,
+					    MAJOR(dentry->d_inode->i_dev),
+					    MINOR(dentry->d_inode->i_dev),
+					    dentry->d_inode->i_ino);
+			if (dentry)
+				dput(dentry);
+			return -EPERM;
+#else
+			lids_security_alert("Exec'ed unprotected program %s (dev %d:%d inode %ld) before sealing LIDS",
+					    filename,
+					    MAJOR(dentry->d_inode->i_dev),
+					    MINOR(dentry->d_inode->i_dev),
+					    dentry->d_inode->i_ino);
+#endif
+		}
+#endif
+			
+
+		if (current->lids_sys_acl) {
+			/* The program may inherit. let's check that */
+			struct lids_task_acl current_acl,computed_acl;
+			struct lids_sys_acl *new_sys_acl;
+		
+			lids_get_task_acl(&current_acl, current);
+			new_sys_acl = lids_search_acl(dentry->d_inode->i_ino,dentry->d_inode->i_dev,lids_current);
+			if (lids_compute_acls(&current_acl,new_sys_acl,&computed_acl) < 0) {
+				dput(dentry);
+				return -EPERM;
+			}
+
+			if (computed_acl.lids_sys_acl->lids_acl 
+			    || computed_acl.lids_sys_acl->lids_domain
+			    || computed_acl.lids_sys_acl->flags ) {
+				lids_security_alert("Attempt to transmit privileges to an unprotected program (%s dev %d:%d inode %ld)",
+						    filename,
+						    MAJOR(dentry->d_inode->i_dev),
+						    MINOR(dentry->d_inode->i_dev),
+						    dentry->d_inode->i_ino);
+			}
+			
+			/* Reset ACLs anyway */
+			current->lids_cap=0;
+			current->lids_sys_acl=NULL;
+			lids_free_lids_task_acl(&current_acl);
+
+		} else { 
+			LIDS_DBG("%i has no lids_sys_acl, and try to exec %s\n", current->pid, filename);
+
+		}
+	}
+#endif
+
 	retval = search_binary_handler(&bprm,regs);
-	if (retval >= 0)
+	if (retval >= 0) {
 		/* execve success */
 		return retval;
-
+	}
+	
 out:
 	/* Something went wrong, return the inode and free the argument pages*/
 	allow_write_access(bprm.file);
@@ -919,7 +1039,7 @@
 		if (page)
 			__free_page(page);
 	}
-
+	
 	return retval;
 }
 
diff -Nru linux-2.4.18-ori/fs/namei.c linux-2.4.18-lids-1.1.1r2/fs/namei.c
--- linux-2.4.18-ori/fs/namei.c	Mon Feb 25 20:38:09 2002
+++ linux-2.4.18-lids-1.1.1r2/fs/namei.c	Thu Apr 11 18:02:44 2002
@@ -26,6 +26,10 @@
 #include <asm/namei.h>
 #include <asm/uaccess.h>
 
+#ifdef CONFIG_LIDS
+#include <linux/lids.h>
+#endif
+
 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
 
 /* [Feb-1997 T. Schoebel-Theuer]
@@ -451,7 +455,10 @@
 	struct inode *inode;
 	int err;
 	unsigned int lookup_flags = nd->flags;
-
+#ifdef CONFIG_LIDS
+	char *lids_file_name;
+	lids_file_name = (char *)name;
+#endif
 	while (*name=='/')
 		name++;
 	if (!*name)
@@ -626,6 +633,19 @@
 		else if (this.len == 2 && this.name[1] == '.')
 			nd->last_type = LAST_DOTDOT;
 return_base:
+#ifdef CONFIG_LIDS
+	if (lids_load && lids_local_load) {
+		if (lids_check_base(nd->dentry,LIDS_READONLY) < 0) { 
+#ifdef CONFIG_LIDS_HANGUP
+			if(current->tty!=NULL)
+               			set_bit(TTY_LIDS_NO_HANGUP, &(current->tty->flags));
+#endif
+			lids_security_alert("access hidden file %s",lids_file_name);
+			err = -ENOENT;
+			break;	
+       		}
+        }
+#endif
 		return 0;
 out_dput:
 		dput(dentry);
@@ -970,20 +990,55 @@
  * for symlinks (where the permissions are checked later).
  * SMP-safe
  */
+
+
+
 int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
 {
+
 	int acc_mode, error = 0;
 	struct inode *inode;
 	struct dentry *dentry;
 	struct dentry *dir;
 	int count = 0;
 
-	acc_mode = ACC_MODE(flag);
+#ifdef CONFIG_LIDS
+	/* search the dentry */
+	if(lids_load && lids_local_load) {
+		if (path_init(pathname, lookup_flags(flag), nd))
+			error = path_walk(pathname, nd);
+		if (error)
+			return error;
+		dentry = nd->dentry;
+	
+		/*FIXME: if the dentry need IS_ERR(dentry) */
+                if( (flag&O_ACCMODE) >1) {
+                        if(flag & O_APPEND) {
+                                error = lids_check_base(dentry,LIDS_APPEND);
+				if(error)
+                                	lids_security_alert("Attempt to open %.1024s for appending,flag=%d",pathname,flag);
+			}
+                        else {
+                                error = lids_check_base(dentry,LIDS_WRITE);
+				if(error)
+                                	lids_security_alert("Attempt to open %.1024s for writing,flag=%d",pathname,flag);
+			}
+                        if(error < 0 ) {
+                                error=-EPERM;
+				goto exit;
+                        }
+                }
+		/* try to release the allocated lids_nd*/
+		//dput(dentry);
+		path_release(nd);
+	}
+#endif
 
+	acc_mode = ACC_MODE(flag);
 	/*
 	 * The simplest case - just a plain lookup.
 	 */
-	if (!(flag & O_CREAT)) {
+	if (!(flag & O_CREAT)) { 
 		if (path_init(pathname, lookup_flags(flag), nd))
 			error = path_walk(pathname, nd);
 		if (error)
@@ -1257,6 +1312,18 @@
 
 	mode &= ~current->fs->umask;
 	if (!IS_ERR(dentry)) {
+		
+#ifdef CONFIG_LIDS
+	if (lids_load && lids_local_load) {
+		if (lids_check_base(dentry,LIDS_WRITE)) {
+			lids_security_alert("Attempt to mknod %.1024s (%d %d)",
+				filename,MAJOR(dev),MINOR(dev));
+			dput(dentry);
+			error = -EPERM;
+			goto pout;
+		}
+	}
+#endif
 		switch (mode & S_IFMT) {
 		case 0: case S_IFREG:
 			error = vfs_create(nd.dentry->d_inode,dentry,mode);
@@ -1272,6 +1339,7 @@
 		}
 		dput(dentry);
 	}
+pout:
 	up(&nd.dentry->d_inode->i_sem);
 	path_release(&nd);
 out:
@@ -1324,6 +1392,16 @@
 		dentry = lookup_create(&nd, 1);
 		error = PTR_ERR(dentry);
 		if (!IS_ERR(dentry)) {
+		#ifdef CONFIG_LIDS
+			error = 0; /* FIXME, do we need this? */
+			if (lids_load && lids_local_load) {
+				if (lids_check_base(dentry,LIDS_WRITE)) {
+					lids_security_alert("Attempt to mkdir %.1024s",pathname);
+				error = -EPERM;
+				}
+			}
+			if(!error)
+		#endif
 			error = vfs_mkdir(nd.dentry->d_inode, dentry,
 					  mode & ~current->fs->umask);
 			dput(dentry);
@@ -1432,6 +1510,17 @@
 	dentry = lookup_hash(&nd.last, nd.dentry);
 	error = PTR_ERR(dentry);
 	if (!IS_ERR(dentry)) {
+
+#ifdef CONFIG_LIDS
+		error = 0; /* FIXME, do we actually need this ?*/
+		if (lids_load && lids_local_load) {
+			if (lids_check_base(dentry,LIDS_WRITE)) {
+				lids_security_alert("Attempt to rmdir %.1024s",name);
+				error = -EPERM;
+			}
+		}
+		if(!error)
+#endif
 		error = vfs_rmdir(nd.dentry->d_inode, dentry);
 		dput(dentry);
 	}
@@ -1495,6 +1584,16 @@
 		/* Why not before? Because we want correct error value */
 		if (nd.last.name[nd.last.len])
 			goto slashes;
+#ifdef CONFIG_LIDS
+		error = 0; /* FIXME, do we actually need this ?*/
+		if (lids_load && lids_local_load) {
+			if (lids_check_base(dentry,LIDS_WRITE)) {
+				lids_security_alert("Attempt to unlink %.1024s",pathname);
+				error = -EPERM;
+			}
+		}
+		if(!error)
+#endif
 		error = vfs_unlink(nd.dentry->d_inode, dentry);
 	exit2:
 		dput(dentry);
@@ -1560,6 +1659,16 @@
 		dentry = lookup_create(&nd, 0);
 		error = PTR_ERR(dentry);
 		if (!IS_ERR(dentry)) {
+#ifdef CONFIG_LIDS
+		error = 0; /* FIXME, do we actually need this ?*/
+		if (lids_load && lids_local_load) {
+			if (lids_check_base(dentry,LIDS_WRITE)) {
+				lids_security_alert("Attempt to symlink %.1024s to %.1024s", oldname,newname);
+				error = -EPERM;
+			}
+		}
+		if(!error)
+#endif
 			error = vfs_symlink(nd.dentry->d_inode, dentry, from);
 			dput(dentry);
 		}
@@ -1651,6 +1760,16 @@
 		new_dentry = lookup_create(&nd, 0);
 		error = PTR_ERR(new_dentry);
 		if (!IS_ERR(new_dentry)) {
+#ifdef CONFIG_LIDS
+		error = 0; /* FIXME, do we actually need this ?*/
+		if (lids_load && lids_local_load) {
+			if (lids_check_base(old_nd.dentry,LIDS_WRITE) || lids_check_base(new_dentry,LIDS_WRITE)) {
+				lids_security_alert("Attempt to link %.1024s to %.1024s", oldname,newname);
+				error = -EPERM;
+			}
+		}
+		if(!error)
+#endif
 			error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
 			dput(new_dentry);
 		}
@@ -1889,11 +2008,25 @@
 	if (IS_ERR(new_dentry))
 		goto exit4;
 
+#ifdef CONFIG_LIDS
+	error = 0;
+	if (lids_load && lids_local_load) {
+		if (lids_check_base(old_dentry,LIDS_WRITE) ||
+			lids_check_base(new_dentry,LIDS_WRITE)) {
+			lids_security_alert("Attempt to rename %.1024s to %.1024s", oldname,newname);
+			error = -EPERM;
+			goto exit_new;
+		}
+	}
+	if(!error) 
+#endif
+	{
 	lock_kernel();
 	error = vfs_rename(old_dir->d_inode, old_dentry,
 				   new_dir->d_inode, new_dentry);
 	unlock_kernel();
-
+	}
+exit_new:
 	dput(new_dentry);
 exit4:
 	dput(old_dentry);
diff -Nru linux-2.4.18-ori/fs/namespace.c linux-2.4.18-lids-1.1.1r2/fs/namespace.c
--- linux-2.4.18-ori/fs/namespace.c	Mon Feb 25 20:38:09 2002
+++ linux-2.4.18-lids-1.1.1r2/fs/namespace.c	Tue Apr 30 14:39:47 2002
@@ -387,8 +387,12 @@
 		goto dput_and_out;
 
 	retval = -EPERM;
-	if (!capable(CAP_SYS_ADMIN))
+	if (!capable(CAP_SYS_ADMIN)) {
+#ifdef CONFIG_LIDS
+		lids_security_alert("CAP_SYS_ADMIN violation: try to umount %s",name);
+#endif
 		goto dput_and_out;
+	}
 
 	retval = do_umount(nd.mnt, flags);
 dput_and_out:
@@ -408,9 +412,13 @@
 
 static int mount_is_safe(struct nameidata *nd)
 {
-	if (capable(CAP_SYS_ADMIN))
+	if (capable(CAP_SYS_ADMIN)) {
 		return 0;
-	return -EPERM;
+	}