On Tue, 2017-03-28 at 22:12 +0900, Tetsuo Handa wrote:
> This patch is a preparation for getting rid of task_create hook
> because
> task_create hook
task_alloc hook?
> which can do what task_create hook can do was revived.
>
> Creating a new thread is unlikely prohibited by security policy, for
> fork()/execve()/exit() is fundamental of how processes are managed in
> Unix. If a program is known to create a new thread, it is likely that
> permission to create a new thread is given to that program.
> Therefore,
> a situation where security_task_create() returns an error is likely
> that
> the program was exploited and lost control. Even if SELinux failed to
> check permission to create a thread at security_task_create(),
> SELinux
> can later check it at security_task_alloc(). Since the new thread is
> not
> yet visible from the rest of the system, nobody can do bad things
> using
> the new thread. What we waste will be limited to some initialization
> steps such as dup_task_struct(), copy_creds() and audit_alloc() in
> copy_process(). We can tolerate these overhead for unlikely
> situation.
>
> Therefore, this patch changes SELinux to use task_alloc hook rather
> than
> task_create hook so that we can remove task_create hook.
Aside from the nit on the patch description above,
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> ---
> security/selinux/hooks.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index d37a723..d850b7f 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -3710,7 +3710,8 @@ static int selinux_file_open(struct file *file,
> const struct cred *cred)
>
> /* task security operations */
>
> -static int selinux_task_create(unsigned long clone_flags)
> +static int selinux_task_alloc(struct task_struct *task,
> + unsigned long clone_flags)
> {
> u32 sid = current_sid();
>
> @@ -6205,7 +6206,7 @@ static int selinux_key_getsecurity(struct key
> *key, char **_buffer)
>
> LSM_HOOK_INIT(file_open, selinux_file_open),
>
> - LSM_HOOK_INIT(task_create, selinux_task_create),
> + LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
> LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
> LSM_HOOK_INIT(cred_free, selinux_cred_free),
> LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
