X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fseclvl.c;h=441beaf1bbc1d104ea7c51706bd2f777feac44e2;hb=43bc926fffd92024b46cafaf7350d669ba9ca884;hp=8a0ab0d7949e048a05c6cbe3da265f0246e857bc;hpb=f7f1b0f1e2fbadeab12d24236000e778aa9b1ead;p=linux-2.6.git diff --git a/security/seclvl.c b/security/seclvl.c index 8a0ab0d79..441beaf1b 100644 --- a/security/seclvl.c +++ b/security/seclvl.c @@ -8,6 +8,7 @@ * Copyright (c) 2001 WireX Communications, Inc * Copyright (c) 2001 Greg Kroah-Hartman * Copyright (c) 2002 International Business Machines + * Copyright (c) 2006 Davi E. M. Arnaut * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,6 +32,7 @@ #include #include #include +#include #include #include @@ -118,69 +120,6 @@ MODULE_PARM_DESC(hideHash, "When set to 0, reading seclvl/passwd from sysfs " } \ } while (0) -/** - * kobject stuff - */ - -struct subsystem seclvl_subsys; - -struct seclvl_obj { - char *name; - struct list_head slot_list; - struct kobject kobj; -}; - -/** - * There is a seclvl_attribute struct for each file in sysfs. - * - * In our case, we have one of these structs for "passwd" and another - * for "seclvl". - */ -struct seclvl_attribute { - struct attribute attr; - ssize_t(*show) (struct seclvl_obj *, char *); - ssize_t(*store) (struct seclvl_obj *, const char *, size_t); -}; - -/** - * When this function is called, one of the files in sysfs is being - * written to. attribute->store is a function pointer to whatever the - * struct seclvl_attribute store function pointer points to. It is - * unique for "passwd" and "seclvl". - */ -static ssize_t -seclvl_attr_store(struct kobject *kobj, - struct attribute *attr, const char *buf, size_t len) -{ - struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj); - struct seclvl_attribute *attribute = - container_of(attr, struct seclvl_attribute, attr); - return (attribute->store ? attribute->store(obj, buf, len) : 0); -} - -static ssize_t -seclvl_attr_show(struct kobject *kobj, struct attribute *attr, char *buf) -{ - struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj); - struct seclvl_attribute *attribute = - container_of(attr, struct seclvl_attribute, attr); - return (attribute->show ? attribute->show(obj, buf) : 0); -} - -/** - * Callback function pointers for show and store - */ -static struct sysfs_ops seclvlfs_sysfs_ops = { - .show = seclvl_attr_show, - .store = seclvl_attr_store, -}; - -static struct kobj_type seclvl_ktype = { - .sysfs_ops = &seclvlfs_sysfs_ops -}; - -decl_subsys(seclvl, &seclvl_ktype, NULL); - /** * The actual security level. Ranges between -1 and 2 inclusive. */ @@ -212,97 +151,44 @@ static int seclvl_sanity(int reqlvl) return 0; } -/** - * Called whenever the user reads the sysfs handle to this kernel - * object - */ -static ssize_t seclvl_read_file(struct seclvl_obj *obj, char *buff) -{ - return snprintf(buff, PAGE_SIZE, "%d\n", seclvl); -} - /** * security level advancement rules: * Valid levels are -1 through 2, inclusive. * From -1, stuck. [ in case compiled into kernel ] * From 0 or above, can only increment. */ -static int do_seclvl_advance(int newlvl) +static void do_seclvl_advance(void *data, u64 val) { - if (newlvl <= seclvl) { - seclvl_printk(1, KERN_WARNING, "Cannot advance to seclvl " - "[%d]\n", newlvl); - return -EINVAL; - } + int ret; + int newlvl = (int)val; + + ret = seclvl_sanity(newlvl); + if (ret) + return; + if (newlvl > 2) { seclvl_printk(1, KERN_WARNING, "Cannot advance to seclvl " "[%d]\n", newlvl); - return -EINVAL; + return; } if (seclvl == -1) { seclvl_printk(1, KERN_WARNING, "Not allowed to advance to " "seclvl [%d]\n", seclvl); - return -EPERM; + return; } - seclvl = newlvl; - return 0; + seclvl = newlvl; /* would it be more "correct" to set *data? */ + return; } -/** - * Called whenever the user writes to the sysfs handle to this kernel - * object (seclvl/seclvl). It expects a single-digit number. - */ -static ssize_t -seclvl_write_file(struct seclvl_obj *obj, const char *buff, size_t count) +static u64 seclvl_int_get(void *data) { - unsigned long val; - if (count > 2 || (count == 2 && buff[1] != '\n')) { - seclvl_printk(1, KERN_WARNING, "Invalid value passed to " - "seclvl: [%s]\n", buff); - return -EINVAL; - } - val = buff[0] - 48; - if (seclvl_sanity(val)) { - seclvl_printk(1, KERN_WARNING, "Illegal secure level " - "requested: [%d]\n", (int)val); - return -EPERM; - } - if (do_seclvl_advance(val)) { - seclvl_printk(0, KERN_ERR, "Failure advancing security level " - "to %lu\n", val); - } - return count; + return *(int *)data; } -/* Generate sysfs_attr_seclvl */ -static struct seclvl_attribute sysfs_attr_seclvl = -__ATTR(seclvl, (S_IFREG | S_IRUGO | S_IWUSR), seclvl_read_file, - seclvl_write_file); +DEFINE_SIMPLE_ATTRIBUTE(seclvl_file_ops, seclvl_int_get, do_seclvl_advance, "%lld\n"); static unsigned char hashedPassword[SHA1_DIGEST_SIZE]; -/** - * Called whenever the user reads the sysfs passwd handle. - */ -static ssize_t seclvl_read_passwd(struct seclvl_obj *obj, char *buff) -{ - /* So just how good *is* your password? :-) */ - char tmp[3]; - int i = 0; - buff[0] = '\0'; - if (hideHash) { - /* Security through obscurity */ - return 0; - } - while (i < SHA1_DIGEST_SIZE) { - snprintf(tmp, 3, "%02x", hashedPassword[i]); - strncat(buff, tmp, 2); - i++; - } - strcat(buff, "\n"); - return ((SHA1_DIGEST_SIZE * 2) + 1); -} - /** * Converts a block of plaintext of into its SHA1 hashed value. * @@ -310,35 +196,27 @@ static ssize_t seclvl_read_passwd(struct seclvl_obj *obj, char *buff) * people... */ static int -plaintext_to_sha1(unsigned char *hash, const char *plaintext, int len) +plaintext_to_sha1(unsigned char *hash, const char *plaintext, unsigned int len) { - char *pgVirtAddr; struct crypto_tfm *tfm; - struct scatterlist sg[1]; + struct scatterlist sg; if (len > PAGE_SIZE) { seclvl_printk(0, KERN_ERR, "Plaintext password too large (%d " "characters). Largest possible is %lu " "bytes.\n", len, PAGE_SIZE); - return -ENOMEM; + return -EINVAL; } - tfm = crypto_alloc_tfm("sha1", 0); + tfm = crypto_alloc_tfm("sha1", CRYPTO_TFM_REQ_MAY_SLEEP); if (tfm == NULL) { seclvl_printk(0, KERN_ERR, "Failed to load transform for SHA1\n"); - return -ENOSYS; + return -EINVAL; } - // Just get a new page; don't play around with page boundaries - // and scatterlists. - pgVirtAddr = (char *)__get_free_page(GFP_KERNEL); - sg[0].page = virt_to_page(pgVirtAddr); - sg[0].offset = 0; - sg[0].length = len; - strncpy(pgVirtAddr, plaintext, len); + sg_init_one(&sg, (u8 *)plaintext, len); crypto_digest_init(tfm); - crypto_digest_update(tfm, sg, 1); + crypto_digest_update(tfm, &sg, 1); crypto_digest_final(tfm, hash); crypto_free_tfm(tfm); - free_page((unsigned long)pgVirtAddr); return 0; } @@ -347,12 +225,13 @@ plaintext_to_sha1(unsigned char *hash, const char *plaintext, int len) * object. It hashes the password and compares the hashed results. */ static ssize_t -seclvl_write_passwd(struct seclvl_obj *obj, const char *buff, size_t count) +passwd_write_file(struct file * file, const char __user * buf, + size_t count, loff_t *ppos) { - int i; - unsigned char tmp[SHA1_DIGEST_SIZE]; - int rc; + char *p; int len; + unsigned char tmp[SHA1_DIGEST_SIZE]; + if (!*passwd && !*sha1_passwd) { seclvl_printk(0, KERN_ERR, "Attempt to password-unlock the " "seclvl module, but neither a plain text " @@ -363,45 +242,57 @@ seclvl_write_passwd(struct seclvl_obj *obj, const char *buff, size_t count) "maintainer about this event.\n"); return -EINVAL; } - len = strlen(buff); + + if (count >= PAGE_SIZE) + return -EINVAL; + if (*ppos != 0) + return -EINVAL; + p = kmalloc(count, GFP_KERNEL); + if (!p) + return -ENOMEM; + len = -EFAULT; + if (copy_from_user(p, buf, count)) + goto out; + + len = count; /* ``echo "secret" > seclvl/passwd'' includes a newline */ - if (buff[len - 1] == '\n') { + if (p[len - 1] == '\n') len--; - } /* Hash the password, then compare the hashed values */ - if ((rc = plaintext_to_sha1(tmp, buff, len))) { + if ((len = plaintext_to_sha1(tmp, p, len))) { seclvl_printk(0, KERN_ERR, "Error hashing password: rc = " - "[%d]\n", rc); - return rc; - } - for (i = 0; i < SHA1_DIGEST_SIZE; i++) { - if (hashedPassword[i] != tmp[i]) { - return -EPERM; - } + "[%d]\n", len); + goto out; } + + len = -EPERM; + if (memcmp(hashedPassword, tmp, SHA1_DIGEST_SIZE)) + goto out; + seclvl_printk(0, KERN_INFO, "Password accepted; seclvl reduced to 0.\n"); seclvl = 0; - return count; + len = count; + +out: + kfree (p); + return len; } -/* Generate sysfs_attr_passwd */ -static struct seclvl_attribute sysfs_attr_passwd = -__ATTR(passwd, (S_IFREG | S_IRUGO | S_IWUSR), seclvl_read_passwd, - seclvl_write_passwd); +static struct file_operations passwd_file_ops = { + .write = passwd_write_file, +}; /** * Explicitely disallow ptrace'ing the init process. */ static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child) { - if (seclvl >= 0) { - if (child->pid == 1) { - seclvl_printk(1, KERN_WARNING, "Attempt to ptrace " - "the init process dissallowed in " - "secure level %d\n", seclvl); - return -EPERM; - } + if (seclvl >= 0 && child->pid == 1) { + seclvl_printk(1, KERN_WARNING, "Attempt to ptrace " + "the init process dissallowed in " + "secure level %d\n", seclvl); + return -EPERM; } return 0; } @@ -412,55 +303,54 @@ static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child) */ static int seclvl_capable(struct task_struct *tsk, int cap) { + int rc = 0; + /* init can do anything it wants */ if (tsk->pid == 1) return 0; - switch (seclvl) { - case 2: - /* fall through */ - case 1: - if (cap == CAP_LINUX_IMMUTABLE) { + if (seclvl > 0) { + rc = -EPERM; + + if (cap == CAP_LINUX_IMMUTABLE) seclvl_printk(1, KERN_WARNING, "Attempt to modify " "the IMMUTABLE and/or APPEND extended " "attribute on a file with the IMMUTABLE " "and/or APPEND extended attribute set " "denied in seclvl [%d]\n", seclvl); - return -EPERM; - } else if (cap == CAP_SYS_RAWIO) { // Somewhat broad... + else if (cap == CAP_SYS_RAWIO) seclvl_printk(1, KERN_WARNING, "Attempt to perform " "raw I/O while in secure level [%d] " "denied\n", seclvl); - return -EPERM; - } else if (cap == CAP_NET_ADMIN) { + else if (cap == CAP_NET_ADMIN) seclvl_printk(1, KERN_WARNING, "Attempt to perform " "network administrative task while " "in secure level [%d] denied\n", seclvl); - return -EPERM; - } else if (cap == CAP_SETUID) { + else if (cap == CAP_SETUID) seclvl_printk(1, KERN_WARNING, "Attempt to setuid " "while in secure level [%d] denied\n", seclvl); - return -EPERM; - } else if (cap == CAP_SETGID) { + else if (cap == CAP_SETGID) seclvl_printk(1, KERN_WARNING, "Attempt to setgid " "while in secure level [%d] denied\n", seclvl); - } else if (cap == CAP_SYS_MODULE) { + else if (cap == CAP_SYS_MODULE) seclvl_printk(1, KERN_WARNING, "Attempt to perform " "a module operation while in secure " "level [%d] denied\n", seclvl); - return -EPERM; - } - break; - default: - break; + else + rc = 0; } - /* from dummy.c */ - if (cap_is_fs_cap(cap) ? tsk->fsuid == 0 : tsk->euid == 0) - return 0; /* capability granted */ - seclvl_printk(1, KERN_WARNING, "Capability denied\n"); - return -EPERM; /* capability denied */ + + if (!rc) { + if (!(cap_is_fs_cap(cap) ? tsk->fsuid == 0 : tsk->euid == 0)) + rc = -EPERM; + } + + if (rc) + seclvl_printk(1, KERN_WARNING, "Capability denied\n"); + + return rc; } /** @@ -468,8 +358,8 @@ static int seclvl_capable(struct task_struct *tsk, int cap) */ static int seclvl_settime(struct timespec *tv, struct timezone *tz) { - struct timespec now; - if (seclvl > 1) { + if (tv && seclvl > 1) { + struct timespec now; now = current_kernel_time(); if (tv->tv_sec < now.tv_sec || (tv->tv_sec == now.tv_sec && tv->tv_nsec < now.tv_nsec)) { @@ -566,12 +456,9 @@ static int seclvl_inode_setattr(struct dentry *dentry, struct iattr *iattr) static void seclvl_file_free_security(struct file *filp) { struct dentry *dentry = filp->f_dentry; - struct inode *inode = NULL; - if (dentry) { - inode = dentry->d_inode; - seclvl_bd_release(inode); - } + if (dentry) + seclvl_bd_release(dentry->d_inode); } /** @@ -579,10 +466,7 @@ static void seclvl_file_free_security(struct file *filp) */ static int seclvl_umount(struct vfsmount *mnt, int flags) { - if (current->pid == 1) { - return 0; - } - if (seclvl == 2) { + if (current->pid != 1 && seclvl == 2) { seclvl_printk(1, KERN_WARNING, "Attempt to unmount in secure " "level %d\n", seclvl); return -EPERM; @@ -606,8 +490,9 @@ static struct security_operations seclvl_ops = { static int processPassword(void) { int rc = 0; - hashedPassword[0] = '\0'; if (*passwd) { + char *p; + if (*sha1_passwd) { seclvl_printk(0, KERN_ERR, "Error: Both " "passwd and sha1_passwd " @@ -615,12 +500,16 @@ static int processPassword(void) "exclusive.\n"); return -EINVAL; } - if ((rc = plaintext_to_sha1(hashedPassword, passwd, - strlen(passwd)))) { + + p = kstrdup(passwd, GFP_KERNEL); + if (p == NULL) + return -ENOMEM; + + if ((rc = plaintext_to_sha1(hashedPassword, p, strlen(p)))) seclvl_printk(0, KERN_ERR, "Error: SHA1 support not " "in kernel\n"); - return rc; - } + + kfree (p); /* All static data goes to the BSS, which zero's the * plaintext password out for us. */ } else if (*sha1_passwd) { // Base 16 @@ -643,26 +532,56 @@ static int processPassword(void) sha1_passwd[i + 2] = tmp; } } - return 0; + return rc; } /** - * Sysfs registrations + * securityfs registrations */ -static int doSysfsRegistrations(void) +struct dentry *dir_ino, *seclvl_ino, *passwd_ino; + +static int seclvlfs_register(void) { int rc = 0; - if ((rc = subsystem_register(&seclvl_subsys))) { - seclvl_printk(0, KERN_WARNING, - "Error [%d] registering seclvl subsystem\n", rc); - return rc; + + dir_ino = securityfs_create_dir("seclvl", NULL); + + if (IS_ERR(dir_ino)) + return PTR_ERR(dir_ino); + + seclvl_ino = securityfs_create_file("seclvl", S_IRUGO | S_IWUSR, + dir_ino, &seclvl, &seclvl_file_ops); + if (IS_ERR(seclvl_ino)) { + rc = PTR_ERR(seclvl_ino); + goto out_deldir; } - sysfs_create_file(&seclvl_subsys.kset.kobj, &sysfs_attr_seclvl.attr); if (*passwd || *sha1_passwd) { - sysfs_create_file(&seclvl_subsys.kset.kobj, - &sysfs_attr_passwd.attr); + passwd_ino = securityfs_create_file("passwd", S_IRUGO | S_IWUSR, + dir_ino, NULL, &passwd_file_ops); + if (IS_ERR(passwd_ino)) { + rc = PTR_ERR(passwd_ino); + goto out_delf; + } } - return 0; + return rc; + +out_delf: + securityfs_remove(seclvl_ino); + +out_deldir: + securityfs_remove(dir_ino); + + return rc; +} + +static void seclvlfs_unregister(void) +{ + securityfs_remove(seclvl_ino); + + if (*passwd || *sha1_passwd) + securityfs_remove(passwd_ino); + + securityfs_remove(dir_ino); } /** @@ -671,14 +590,14 @@ static int doSysfsRegistrations(void) static int __init seclvl_init(void) { int rc = 0; + static char once; + if (verbosity < 0 || verbosity > 1) { printk(KERN_ERR "Error: bad verbosity [%d]; only 0 or 1 " "are valid values\n", verbosity); rc = -EINVAL; goto exit; } - sysfs_attr_seclvl.attr.owner = THIS_MODULE; - sysfs_attr_passwd.attr.owner = THIS_MODULE; if (initlvl < -1 || initlvl > 2) { seclvl_printk(0, KERN_ERR, "Error: bad initial securelevel " "[%d].\n", initlvl); @@ -691,6 +610,11 @@ static int __init seclvl_init(void) "module parameter(s): rc = [%d]\n", rc); goto exit; } + + if ((rc = seclvlfs_register())) { + seclvl_printk(0, KERN_ERR, "Error registering with sysfs\n"); + goto exit; + } /* register ourselves with the security framework */ if (register_security(&seclvl_ops)) { seclvl_printk(0, KERN_ERR, @@ -702,20 +626,24 @@ static int __init seclvl_init(void) seclvl_printk(0, KERN_ERR, "seclvl: Failure " "registering with primary security " "module.\n"); + seclvlfs_unregister(); goto exit; } /* if primary module registered */ secondary = 1; } /* if we registered ourselves with the security framework */ - if ((rc = doSysfsRegistrations())) { - seclvl_printk(0, KERN_ERR, "Error registering with sysfs\n"); - goto exit; - } + seclvl_printk(0, KERN_INFO, "seclvl: Successfully initialized.\n"); + + if (once) { + once = 1; + seclvl_printk(0, KERN_INFO, "seclvl is going away. It has been " + "buggy for ages. Also, be warned that " + "Securelevels are useless."); + } exit: - if (rc) { + if (rc) printk(KERN_ERR "seclvl: Error during initialization: rc = " "[%d]\n", rc); - } return rc; } @@ -724,19 +652,14 @@ static int __init seclvl_init(void) */ static void __exit seclvl_exit(void) { - sysfs_remove_file(&seclvl_subsys.kset.kobj, &sysfs_attr_seclvl.attr); - if (*passwd || *sha1_passwd) { - sysfs_remove_file(&seclvl_subsys.kset.kobj, - &sysfs_attr_passwd.attr); - } - subsystem_unregister(&seclvl_subsys); - if (secondary == 1) { + seclvlfs_unregister(); + + if (secondary) mod_unreg_security(MY_NAME, &seclvl_ops); - } else if (unregister_security(&seclvl_ops)) { + else if (unregister_security(&seclvl_ops)) seclvl_printk(0, KERN_INFO, "seclvl: Failure unregistering with the " "kernel\n"); - } } module_init(seclvl_init);