redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/security
History
Aristeu Rozanski d2c2b11cfa device_cgroup: check if exception removal is allowed 
[PATCH v3 1/2] device_cgroup: check if exception removal is allowed

When the device cgroup hierarchy was introduced in
	bd2953ebbb - devcg: propagate local changes down the hierarchy

a specific case was overlooked. Consider the hierarchy bellow:

	A	default policy: ALLOW, exceptions will deny access
	 \
	  B	default policy: ALLOW, exceptions will deny access

There's no need to verify when an new exception is added to B because
in this case exceptions will deny access to further devices, which is
always fine. Hierarchy in device cgroup only makes sure B won't have
more access than A.

But when an exception is removed (by writing devices.allow), it isn't
checked if the user is in fact removing an inherited exception from A,
thus giving more access to B.

Example:

	# echo 'a' >A/devices.allow
	# echo 'c 1:3 rw' >A/devices.deny
	# echo $$ >A/B/tasks
	# echo >/dev/null
	-bash: /dev/null: Operation not permitted
	# echo 'c 1:3 w' >A/B/devices.allow
	# echo >/dev/null
	#

This shouldn't be allowed and this patch fixes it by making sure to never allow
exceptions in this case to be removed if the exception is partially or fully
present on the parent.

v3: missing '*' in function description
v2: improved log message and formatting fixes

Cc: cgroups@vger.kernel.org
Cc: Li Zefan <lizefan@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
 		2014-05-05 11:20:12 -04:00
..
apparmor security: replace strict_strto*() with kstrto*() 2014-02-06 19:11:04 +11:00
integrity Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2014-04-12 14:49:50 -07:00
keys Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2014-04-03 09:26:18 -07:00
selinux Merge branch 'locks-3.15' of git://git.samba.org/jlayton/linux 2014-04-04 14:21:20 -07:00
smack Linux 3.13 2014-03-07 11:41:32 -05:00
tomoyo get rid of pointless checks for NULL ->i_op 2014-04-01 23:19:16 -04:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00
capability.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2014-04-03 09:26:18 -07:00
commoncap.c capabilities: allow nice if we are privileged 2013-08-30 23:44:09 -07:00
device_cgroup.c device_cgroup: check if exception removal is allowed 2014-05-05 11:20:12 -04:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
lsm_audit.c audit: anchor all pid references in the initial pid namespace 2014-03-20 10:11:55 -04:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c vfs: add cross-rename 2014-04-01 17:08:43 +02:00