diff options
author | Kyle McMartin <kyle@redhat.com> | 2011-06-17 13:21:55 -0400 |
---|---|---|
committer | Kyle McMartin <kyle@redhat.com> | 2011-06-17 13:21:55 -0400 |
commit | 7918b0cd6c5f47d393401069a9ffb72b1e021880 (patch) | |
tree | 7b79e97ce50c1dbb5d385f3f56c9e1de4b72097b /linux-2.6-selinux-mprotect-checks.patch | |
parent | f9204b5a274a6150d3d95cb07571de5e387c48aa (diff) | |
download | kernel-7918b0cd6c5f47d393401069a9ffb72b1e021880.tar.gz kernel-7918b0cd6c5f47d393401069a9ffb72b1e021880.tar.xz kernel-7918b0cd6c5f47d393401069a9ffb72b1e021880.zip |
re-sync more patches
Diffstat (limited to 'linux-2.6-selinux-mprotect-checks.patch')
-rw-r--r-- | linux-2.6-selinux-mprotect-checks.patch | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/linux-2.6-selinux-mprotect-checks.patch b/linux-2.6-selinux-mprotect-checks.patch deleted file mode 100644 index 010a63c43..000000000 --- a/linux-2.6-selinux-mprotect-checks.patch +++ /dev/null @@ -1,124 +0,0 @@ -This needs a fixed toolchain, and a userspace rebuild to work. -For these reasons, it's had difficulty getting upstream. - -ie, Fedora has a new enough toolchain, and has been rebuilt, so we don't need -the ifdefs. Other distros don't/haven't, and this patch would break them -if pushed upstream. - - -Subject: [Fwd: Re: [PATCH] Disable execmem for sparc] -From: Stephen Smalley <sds@tycho.nsa.gov> -To: Dave Jones <davej@redhat.com> -Date: Wed, 28 Apr 2010 16:04:56 -0400 -Message-Id: <1272485096.6013.326.camel@moss-pluto.epoch.ncsc.mil> - --------- Forwarded Message -------- -From: Stephen Smalley <sds@tycho.nsa.gov> -To: David Miller <davem@davemloft.net> -Cc: tcallawa@redhat.com, dennis@ausil.us, sparclinux@vger.kernel.org, dgilmore@redhat.com, jmorris@namei.org, eparis@parisplace.org -Subject: Re: [PATCH] Disable execmem for sparc -Date: Wed, 28 Apr 2010 15:57:57 -0400 - -On Tue, 2010-04-27 at 11:47 -0700, David Miller wrote: -> From: "Tom \"spot\" Callaway" <tcallawa@redhat.com> -> Date: Tue, 27 Apr 2010 14:20:21 -0400 -> -> > [root@apollo ~]$ cat /proc/2174/maps -> > 00010000-00014000 r-xp 00000000 fd:00 15466577 -> > /sbin/mingetty -> > 00022000-00024000 rwxp 00002000 fd:00 15466577 -> > /sbin/mingetty -> > 00024000-00046000 rwxp 00000000 00:00 0 -> > [heap] -> -> SELINUX probably barfs on the executable heap, the PLT is in the HEAP -> just like powerpc32 and that's why VM_DATA_DEFAULT_FLAGS has to set -> both executable and writable. -> -> You also can't remove the CONFIG_PPC32 ifdefs in selinux, since -> because of the VM_DATA_DEFAULT_FLAGS setting used still in that arch, -> the heap will always have executable permission, just like sparc does. -> You have to support those binaries forever, whether you like it or not. -> -> Let's just replace the CONFIG_PPC32 ifdef in SELINUX with CONFIG_PPC32 -> || CONFIG_SPARC as in Tom's original patch and let's be done with -> this. -> -> In fact I would go through all the arch/ header files and check the -> VM_DATA_DEFAULT_FLAGS settings and add the necessary new ifdefs to the -> SELINUX code so that other platforms don't have the pain of having to -> go through this process too. - -To avoid maintaining per-arch ifdefs, it seems that we could just -directly use (VM_DATA_DEFAULT_FLAGS & VM_EXEC) as the basis for deciding -whether to enable or disable these checks. VM_DATA_DEFAULT_FLAGS isn't -constant on some architectures but instead depends on -current->personality, but we want this applied uniformly. So we'll just -use the initial task state to determine whether or not to enable these -checks. - -Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> - -diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index ebee467..a03fd74 100644 ---- a/security/selinux/hooks.c -+++ b/security/selinux/hooks.c -@@ -2999,13 +2999,15 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd, - return file_has_perm(cred, file, av); - } - -+static int default_noexec; -+ - static int file_map_prot_check(struct file *file, unsigned long prot, int shared) - { - const struct cred *cred = current_cred(); - int rc = 0; - --#ifndef CONFIG_PPC32 -- if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { -+ if (default_noexec && -+ (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { - /* - * We are making executable an anonymous mapping or a - * private file mapping that will also be writable. -@@ -3015,7 +3017,6 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared - if (rc) - goto error; - } --#endif - - if (file) { - /* read access is always possible with a mapping */ -@@ -3076,8 +3077,8 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, - if (selinux_checkreqprot) - prot = reqprot; - --#ifndef CONFIG_PPC32 -- if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { -+ if (default_noexec && -+ (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { - int rc = 0; - if (vma->vm_start >= vma->vm_mm->start_brk && - vma->vm_end <= vma->vm_mm->brk) { -@@ -3099,7 +3100,6 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, - if (rc) - return rc; - } --#endif - - return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); - } -@@ -5662,6 +5662,8 @@ static __init int selinux_init(void) - /* Set the security state for the initial task. */ - cred_init_security(); - -+ default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); -+ - sel_inode_cache = kmem_cache_create("selinux_inode_security", - sizeof(struct inode_security_struct), - 0, SLAB_PANIC, NULL); - --- -Stephen Smalley -National Security Agency - |