rpms/kernel/devel kernel.spec, 1.1998, 1.1999 linux-2.6-selinux-mprotect-checks.patch, 1.8, 1.9

Dave Jones davej at fedoraproject.org
Fri May 21 20:16:55 UTC 2010


Author: davej

Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv27756

Modified Files:
	kernel.spec linux-2.6-selinux-mprotect-checks.patch 
Log Message:
Update the SELinux mprotect patch with a newer version from Stephen


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1998
retrieving revision 1.1999
diff -u -p -r1.1998 -r1.1999
--- kernel.spec	21 May 2010 18:51:52 -0000	1.1998
+++ kernel.spec	21 May 2010 20:16:54 -0000	1.1999
@@ -2033,6 +2033,9 @@ fi
 #                 ||     ||
 
 %changelog
+* Fri May 21 2010 Dave Jones <davej at redhat.com>
+- Update the SELinux mprotect patch with a newer version from Stephen
+
 * Fri May 21 2010 Roland McGrath <roland at redhat.com>
 - perf requires libdw now, not libdwarf
 
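Review bot: the changelog line only records "a newer version from Stephen"; since the new patch replaces the compile-time `#ifndef CONFIG_PPC32` guard in file_map_prot_check() and selinux_file_mprotect() with a runtime `default_noexec` flag derived from `VM_DATA_DEFAULT_FLAGS` (which, per the forwarded thread, also covers sparc), the entry should say so, e.g. "- Replace CONFIG_PPC32 ifdefs in the SELinux mprotect patch with a runtime VM_DATA_DEFAULT_FLAGS check", so the spec history explains why execmem-related denials change on those arches.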

linux-2.6-selinux-mprotect-checks.patch:
 hooks.c |   15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

Index: linux-2.6-selinux-mprotect-checks.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/linux-2.6-selinux-mprotect-checks.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- linux-2.6-selinux-mprotect-checks.patch	29 Dec 2008 02:48:00 -0000	1.8
+++ linux-2.6-selinux-mprotect-checks.patch	21 May 2010 20:16:55 -0000	1.9
@@ -1,21 +1,79 @@
-This needs a fixed toolchain, and a userspace rebuild to work.
-For these reasons, it's had difficulty getting upstream.
+Subject: [Fwd: Re: [PATCH] Disable execmem for sparc]
+From: Stephen Smalley <sds at tycho.nsa.gov>
+To: Dave Jones <davej at redhat.com>
+Date: Wed, 28 Apr 2010 16:04:56 -0400
+Message-Id: <1272485096.6013.326.camel at moss-pluto.epoch.ncsc.mil>
 
-ie, Fedora has a new enough toolchain, and has been rebuilt, so we don't need
-the ifdefs.  Other distros don't/haven't, and this patch would break them
-if pushed upstream.
-
---- linux-2.6.26.noarch/security/selinux/hooks.c~	2008-09-25 14:11:17.000000000 -0400
-+++ linux-2.6.26.noarch/security/selinux/hooks.c	2008-09-25 14:12:17.000000000 -0400
-@@ -3018,7 +3018,6 @@ static int file_map_prot_check(struct fi
+-------- Forwarded Message --------
+From: Stephen Smalley <sds at tycho.nsa.gov>
+To: David Miller <davem at davemloft.net>
+Cc: tcallawa at redhat.com, dennis at ausil.us, sparclinux at vger.kernel.org, dgilmore at redhat.com, jmorris at namei.org, eparis at parisplace.org
+Subject: Re: [PATCH] Disable execmem for sparc
+Date: Wed, 28 Apr 2010 15:57:57 -0400
+
+On Tue, 2010-04-27 at 11:47 -0700, David Miller wrote:
+> From: "Tom \"spot\" Callaway" <tcallawa at redhat.com>
+> Date: Tue, 27 Apr 2010 14:20:21 -0400
+> 
+> > [root at apollo ~]$ cat /proc/2174/maps
+> > 00010000-00014000 r-xp 00000000 fd:00 15466577
+> >  /sbin/mingetty
+> > 00022000-00024000 rwxp 00002000 fd:00 15466577
+> >  /sbin/mingetty
+> > 00024000-00046000 rwxp 00000000 00:00 0
+> >  [heap]
+> 
+> SELINUX probably barfs on the executable heap, the PLT is in the HEAP
+> just like powerpc32 and that's why VM_DATA_DEFAULT_FLAGS has to set
+> both executable and writable.
+> 
+> You also can't remove the CONFIG_PPC32 ifdefs in selinux, since
+> because of the VM_DATA_DEFAULT_FLAGS setting used still in that arch,
+> the heap will always have executable permission, just like sparc does.
+> You have to support those binaries forever, whether you like it or not.
+> 
+> Let's just replace the CONFIG_PPC32 ifdef in SELINUX with CONFIG_PPC32
+> || CONFIG_SPARC as in Tom's original patch and let's be done with
+> this.
+> 
+> In fact I would go through all the arch/ header files and check the
+> VM_DATA_DEFAULT_FLAGS settings and add the necessary new ifdefs to the
+> SELINUX code so that other platforms don't have the pain of having to
+> go through this process too.
+
+To avoid maintaining per-arch ifdefs, it seems that we could just
+directly use (VM_DATA_DEFAULT_FLAGS & VM_EXEC) as the basis for deciding
+whether to enable or disable these checks.   VM_DATA_DEFAULT_FLAGS isn't
+constant on some architectures but instead depends on
+current->personality, but we want this applied uniformly.  So we'll just
+use the initial task state to determine whether or not to enable these
+checks.
+
+Signed-off-by:  Stephen Smalley <sds at tycho.nsa.gov>
+
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index ebee467..a03fd74 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -2999,13 +2999,15 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
+ 	return file_has_perm(cred, file, av);
+ }
+ 
++static int default_noexec;
++
+ static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
+ {
  	const struct cred *cred = current_cred();
  	int rc = 0;
  
 -#ifndef CONFIG_PPC32
- 	if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
+-	if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
++	if (default_noexec &&
++	    (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
  		/*
  		 * We are making executable an anonymous mapping or a
-@@ -3029,7 +3028,6 @@ static int file_map_prot_check(struct fi
+ 		 * private file mapping that will also be writable.
+@@ -3015,7 +3017,6 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
  		if (rc)
  			goto error;
  	}
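Review bot: `static int default_noexec;` is introduced with no comment, yet it now gates the whole anonymous-or-private-writable executable mapping check, so on any architecture whose default data mapping is executable the check is skipped for every mapping, not only the heap; add a short comment at the declaration stating that it is set once in selinux_init() from `VM_DATA_DEFAULT_FLAGS & VM_EXEC` and what a false value means, since the rationale otherwise lives only in the mail text above the diff. The mail headers (Message-Id, Cc list) at the top of the patch file are harmless to `patch` but could be trimmed to the explanatory paragraph and the Signed-off-by.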
@@ -23,15 +81,18 @@ if pushed upstream.
  
  	if (file) {
  		/* read access is always possible with a mapping */
-@@ -3024,7 +3022,6 @@ static int selinux_file_mprotect(struct 
+@@ -3076,8 +3077,8 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
  	if (selinux_checkreqprot)
  		prot = reqprot;
  
 -#ifndef CONFIG_PPC32
- 	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
- 		rc = 0;
+-	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
++	if (default_noexec &&
++	    (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
+ 		int rc = 0;
  		if (vma->vm_start >= vma->vm_mm->start_brk &&
-@@ -3049,7 +3046,6 @@ static int selinux_file_mprotect(struct 
+ 		    vma->vm_end <= vma->vm_mm->brk) {
+@@ -3099,7 +3100,6 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
  		if (rc)
  			return rc;
  	}
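Review bot: besides the `default_noexec &&` gate, the inner context changes from `rc = 0;` to `int rc = 0;` and the hunk offsets move from -3024 to -3076, so the embedded patch was also rebased onto a newer hooks.c in the same commit; the log message should name the kernel it now applies to, because the old `linux-2.6.26.noarch` file header that documented that is removed in this revision.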
@@ -39,3 +100,17 @@ if pushed upstream.
  
  	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
  }
+@@ -5662,6 +5662,8 @@ static __init int selinux_init(void)
+ 	/* Set the security state for the initial task. */
+ 	cred_init_security();
+ 
++	default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
++
+ 	sel_inode_cache = kmem_cache_create("selinux_inode_security",
+ 					    sizeof(struct inode_security_struct),
+ 					    0, SLAB_PANIC, NULL);
+
+-- 
+Stephen Smalley
+National Security Agency
+
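Review bot: `default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);` samples `VM_DATA_DEFAULT_FLAGS` in selinux_init(), and the cover text says that macro depends on `current->personality` on some architectures, so the value reflects the initial task's personality only and is intentionally not re-evaluated per process; a one-line comment above the assignment saying exactly that (and that this replaces the former CONFIG_PPC32 ifdefs) would stop a later reader from "fixing" it into a per-call evaluation. The trailing `-- ` signature block after the last hunk serves no purpose in a patch file and can be dropped.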


