[PATCH] selinux: add executable heap check
authorLorenzo Hernández García-Hierro <lorenzo@gnu.org>
Sat, 25 Jun 2005 21:54:35 +0000 (14:54 -0700)
committerLinus Torvalds <torvalds@ppc970.osdl.org>
Sat, 25 Jun 2005 23:24:26 +0000 (16:24 -0700)
This patch,based on sample code by Roland McGrath, adds an execheap
permission check that controls the ability to make the heap executable so
that this can be prevented in almost all cases (the X server is presently
an exception, but this will hopefully be resolved in the future) so that
even programs with execmem permission will need to have the anonymous
memory mapped in order to make it executable.

The only reason that we use a permission check for such restriction (vs.
making it unconditional) is that the X module loader presently needs it; it
could possibly be made unconditional in the future when X is changed.

The policy patch for the execheap permission is available at:
http://pearls.tuxedo-es.org/patches/selinux/policy-execheap.patch

Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
Acked-by: James Morris <jmorris@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
security/selinux/hooks.c
security/selinux/include/av_perm_to_string.h
security/selinux/include/av_permissions.h

index ad725213f5685f681c9dfe3aed8f73a1a2cb3d19..932eef18db337293badeb4bf7c96471dcbf7e0e7 100644 (file)
@@ -2477,6 +2477,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
                prot = reqprot;
 
 #ifndef CONFIG_PPC32
+       if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
+          (vma->vm_start >= vma->vm_mm->start_brk &&
+           vma->vm_end <= vma->vm_mm->brk)) {
+               /*
+                * We are making an executable mapping in the brk region.
+                * This has an additional execheap check.
+                */
+               rc = task_has_perm(current, current, PROCESS__EXECHEAP);
+               if (rc)
+                       return rc;
+       }
        if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
                /*
                 * We are making executable a file mapping that has
index e81f0226c37dfc0eb30fd8afab75d079ca9e3a95..1deb59e1b76257dab1129f0050ce0f727aceeb30 100644 (file)
@@ -71,6 +71,7 @@
    S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
    S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
    S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
+   S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
    S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
    S_(SECCLASS_MSG, MSG__SEND, "send")
    S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
index 38ce18b3328461244606b15926e7c4a52552b5c4..a78b5d59c9fc008f638200a1764c3a1e2e7a646e 100644 (file)
 #define PROCESS__SETCURRENT                       0x01000000UL
 #define PROCESS__EXECMEM                          0x02000000UL
 #define PROCESS__EXECSTACK                        0x04000000UL
+#define PROCESS__EXECHEAP                         0x08000000UL
 
 #define IPC__CREATE                               0x00000001UL
 #define IPC__DESTROY                              0x00000002UL