linux/security, branch v2.6.14.4

[PATCH] SELinux: handle sel_make_bools() failure in selinuxfs

2005-10-23T23:38:39Z

This patch fixes error handling in sel_make_bools(), where currently we'd get a memory leak via security_get_bools() and try to kfree() the wrong pointer if called again. Signed-off-by: James Morris Acked-by: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] selinux: Fix NULL deref in policydb_destroy

2005-10-23T23:38:38Z

This patch fixes a possible NULL dereference in policydb_destroy, where p->type_attr_map can be NULL if policydb_destroy is called to clean up a partially loaded policy upon an error during policy load. Please apply. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] Keys: Possessor permissions should be additive

2005-10-08T21:54:48Z

This patch makes the possessor permissions on a key additive with user/group/other permissions on the same key. This permits extra rights to be granted to the possessor of a key without taking away any rights conferred by them owning the key or having common group membership. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds

[PATCH] Keys: Split key permissions checking into a .c file

2005-10-08T21:53:31Z

The attached patch splits key permissions checking out of key-ui.h and moves it into a .c file. It's quite large and called quite a lot, and it's about to get bigger with the addition of LSM support for keys... key_any_permission() is also discarded as it's no longer used. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds

[PATCH] Keys: Add request-key process documentation

2005-10-08T21:53:31Z

The attached patch adds documentation for the process by which request-key works, including how it permits helper processes to gain access to the requestor's keyrings. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds

[PATCH] key: plug request_key_auth memleak

2005-10-08T21:53:31Z

Plug request_key_auth memleak. This can be triggered by unprivileged users, so is local DoS. Signed-off-by: Chris Wright Signed-Off-By: David Howells Signed-off-by: Linus Torvalds

[PATCH] SELinux - fix SCTP socket bug and general IP protocol handling

2005-09-30T18:36:04Z

The following patch updates the way SELinux classifies and handles IP based protocols. Currently, IP sockets are classified by SELinux as being either TCP, UDP or 'Raw', the latter being a default for IP socket that is not TCP or UDP. The classification code is out of date and uses only the socket type parameter to socket(2) to determine the class of IP socket. So, any socket created with SOCK_STREAM will be classified by SELinux as TCP, and SOCK_DGRAM as UDP. Also, other socket types such as SOCK_SEQPACKET and SOCK_DCCP are currently ignored by SELinux, which classifies them as generic sockets, which means they don't even get basic IP level checking. This patch changes the SELinux IP socket classification logic, so that only an IPPROTO_IP protocol value passed to socket(2) classify the socket as TCP or UDP. The patch also drops the check for SOCK_RAW and converts it into a default, so that socket types like SOCK_DCCP and SOCK_SEQPACKET are classified as SECCLASS_RAWIP_SOCKET (instead of generic sockets). Note that protocol-specific support for SCTP, DCCP etc. is not addressed here, we're just getting these protocols checked at the IP layer. This fixes a reported problem where SCTP sockets were being recognized as generic SELinux sockets yet still being passed in one case to an IP level check, which then fails for generic sockets. It will also fix bugs where any SOCK_STREAM socket is classified as TCP or any SOCK_DGRAM socket is classified as UDP. This patch also unifies the way IP sockets classes are determined in selinux_socket_bind(), so we use the already calculated value instead of trying to recalculate it. Signed-off-by: James Morris Signed-off-by: Stephen Smalley Signed-off-by: Linus Torvalds

[PATCH] Keys: Add possessor permissions to keys [try #3]

2005-09-28T16:10:47Z

The attached patch adds extra permission grants to keys for the possessor of a key in addition to the owner, group and other permissions bits. This makes SUID binaries easier to support without going as far as labelling keys and key targets using the LSM facilities. This patch adds a second "pointer type" to key structures (struct key_ref *) that can have the bottom bit of the address set to indicate the possession of a key. This is propagated through searches from the keyring to the discovered key. It has been made a separate type so that the compiler can spot attempts to dereference a potentially incorrect pointer. The "possession" attribute can't be attached to a key structure directly as it's not an intrinsic property of a key. Pointers to keys have been replaced with struct key_ref *'s wherever possession information needs to be passed through. This does assume that the bottom bit of the pointer will always be zero on return from kmem_cache_alloc(). The key reference type has been made into a typedef so that at least it can be located in the sources, even though it's basically a pointer to an undefined type. I've also renamed the accessor functions to be more useful, and all reference variables should now end in "_ref". Signed-Off-By: David Howells Signed-off-by: Linus Torvalds

[PATCH] seclvl: use securityfs (fix)

2005-09-17T18:50:01Z

That should be -EINVAL for both. Signed-off-by: Serge Hallyn Cc: Greg KH Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] seclvl-use-securityfs tidy

2005-09-17T18:50:01Z

We don't put braces around single statements, thanks. Cc: Serge Hallyn Cc: James Morris Cc: Chris Wright Cc: Greg KH Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds