From cdb16df9d3f41be07e35dbff6d4a0e453fdd6cf9 Mon Sep 17 00:00:00 2001
From: "Michael A. Halcrow"
Date: Tue, 19 Oct 2004 18:30:12 -0700
Subject: [PATCH] BSD Secure Levels LSM: add time hooks
I have received positive feedback from various individuals who have applied my BSD Secure Levels LSM patch, and so at this point I am submitting it to you with a request to merge it in. Nothing has changed in this patch since when I last posted it to the LKML, so I am not re-sending it there. This first patch adds hooks to catch attempts to set the system clock back.
Signed-off-by: Michael A. Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
 security/capability.c | 1 +
 security/commoncap.c | 16 +++++++++++-----
 security/dummy.c | 8 ++++++++
 3 files changed, 20 insertions(+), 5 deletions(-)
(limited to 'security')
diff --git a/security/capability.c b/security/capability.c
index 532023c652ca..ec18d6075625 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -30,6 +30,7 @@ static struct security_operations capability_ops = {
 .capset_check = cap_capset_check,
 .capset_set = cap_capset_set,
 .capable = cap_capable,
+ .settime = cap_settime,
 .netlink_send = cap_netlink_send,
 .netlink_recv = cap_netlink_recv,
diff --git a/security/commoncap.c b/security/commoncap.c
index ed0d6136f6fc..6890914525dc 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -27,20 +27,25 @@
 int cap_capable (struct task_struct *tsk, int cap)
 {
 /* Derived from include/linux/sched.h:capable. */
- if (cap_raised (tsk->cap_effective, cap))
+ if (cap_raised(tsk->cap_effective, cap))
 return 0;
- else
+ return -EPERM;
+}
+
+int cap_settime(struct timespec *ts, struct timezone *tz)
+{
+ if (!capable(CAP_SYS_TIME))
 return -EPERM;
+ return 0;
 }
 int cap_ptrace (struct task_struct *parent, struct task_struct *child)
 {
 /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
 if (!cap_issubset (child->cap_permitted, current->cap_permitted) &&
- !capable (CAP_SYS_PTRACE))
+ !capable(CAP_SYS_PTRACE))
 return -EPERM;
- else
- return 0;
+ return 0;
 }
 int cap_capget (struct task_struct *target, kernel_cap_t *effective,
@@ -373,6 +378,7 @@ int cap_vm_enough_memory(long pages)
 }
 EXPORT_SYMBOL(cap_capable);
+EXPORT_SYMBOL(cap_settime);
 EXPORT_SYMBOL(cap_ptrace);
 EXPORT_SYMBOL(cap_capget);
 EXPORT_SYMBOL(cap_capset_check);
diff --git a/security/dummy.c b/security/dummy.c
index 0ce9f22d6c8c..c20c28ac1f00 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -104,6 +104,13 @@ static int dummy_syslog (int type)
 return 0;
 }
+static int dummy_settime(struct timespec *ts, struct timezone *tz)
+{
+ if (!capable(CAP_SYS_TIME))
+ return -EPERM;
+ return 0;
+}
+
 /*
 * Check that a process has enough memory to allocate a new virtual
 * mapping. 0 means there is enough memory for the allocation to
@@ -897,6 +904,7 @@ void security_fixup_ops (struct security_operations *ops)
 set_to_dummy_if_null(ops, quota_on);
 set_to_dummy_if_null(ops, sysctl);
 set_to_dummy_if_null(ops, syslog);
+ set_to_dummy_if_null(ops, settime);
 set_to_dummy_if_null(ops, vm_enough_memory);
 set_to_dummy_if_null(ops, bprm_alloc_security);
 set_to_dummy_if_null(ops, bprm_free_security);
-- 
cgit v1.2.3
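Review bot: cap_settime() in the first security/commoncap.c hunk carries no comment, although it reads neither ts nor tz and, unlike cap_capable(tsk, cap), judges `current` through capable() rather than a task passed in. A module author who overrides this hook to compare ts against the running clock cannot tell from here whether either pointer may be NULL (a timezone-only update would presumably pass no timespec; the callers are outside this view). I would add `/* Default settime policy: permit only with CAP_SYS_TIME; ts and tz are not examined. Checks current, so call in the requesting task's context. */` and state the NULL contract once it is confirmed against the caller. dummy_settime() in security/dummy.c is the same code and needs the same comment. The hunk ends inside the cap_capget() signature, which continues outside it.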
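Review bot: dummy_settime() in the first security/dummy.c hunk takes `struct timespec *ts, struct timezone *tz` as writable pointers even though the hook only decides allow or deny. Declaring them `const struct timespec *ts, const struct timezone *tz` (here and in cap_settime()) would let the compiler reject a security module that alters the time being set from inside the check; the matching member declaration in struct security_operations is outside this view and would have to change with it. The body is also a copy of cap_settime() with no cross-reference, so a line such as `/* Same policy as cap_settime() in security/commoncap.c; keep the two in sync. */` would help whoever tightens one of them later.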