| Message ID | 20230502141832.217234-1-aleksandr.mikhalitsyn@canonical.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp656222vqo;
Tue, 2 May 2023 07:26:41 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ6fLfjFVrRxWiQoWcWwvwj21zwN2MXVhFvX94xJUn1M0dpKVqXlVb11DZ0uBY20+gX3n6I0
X-Received: by 2002:aca:3257:0:b0:38e:32b5:cfba with SMTP id
y84-20020aca3257000000b0038e32b5cfbamr9451309oiy.10.1683037601140;
Tue, 02 May 2023 07:26:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1683037601; cv=none;
d=google.com; s=arc-20160816;
b=rm0dexT8sRCf8Yg2bZxIbDJVs1AcjkRg4T6UJPjdufIkHgRo/akkIB/U2cS1T8+bIV
U1oNy1gG4X+yEzB/4RDnmrRsqlplRInscHmvA2uhpq3VzZbg0pZxTpkbRJNV6RZIjbqg
u88tRuBO5wKuNberjfM0LbS9BThaSgtO6U1xPF3OIYwxRu958tmUi9PJbEuZZSSkRiqN
vUH2d5f7PE6vbpMRzhyhn+S4fDtkQKrytjwVVyKts2mH6zRsqwZ+0nv9/PAPgITIU3hd
W+xUKhVH3Bx4SD5G8xI75eeszXqMlbpg7iDXmUbnLObz1o8TYNmI7mESkYsZlEBlGXW0
JUBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=YEbt8fJaJHySlZTdZRpdSbFwcXzeFhKie6WmHehZH00=;
b=UmLr5G2BXsunzgLnfttos4jbLtm+VZkTrN/EdY8yA6/b/SrhGIgcBeA8ygSNgQCdS5
ymw6dlvvsO/pI3INCXS1r8kCPsCGxPJO0WPey8pw1lTM2R3cOfztopTRGAizktAlcqJk
n/5EZzoqvMTDz1tSjN6cE7+tr84n2/4oYuw5FAw9mwk5Q7TYLCVHb2M85Wr4+gN1PMN2
cam/fRSpFJ+qvmyJvAIllFe9/ZZL+fNh4MPM0DcHmIO1p/reQ8poxjKS9gGvATTsjC8M
AvZv5/jxf/q06bxPR6Aa/93ihH6shu77OZ4PKKDS6bD0A/VlrYnRv49Uq+IQ6GPTVJmZ
Ah8Q==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@canonical.com header.s=20210705 header.b=DKVJ+Zur;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
z84-20020aca3357000000b0038e1280d5e9si22116792oiz.1.2023.05.02.07.26.23;
Tue, 02 May 2023 07:26:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@canonical.com header.s=20210705 header.b=DKVJ+Zur;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S234339AbjEBOT6 (ORCPT <rfc822;rbbytesnap@gmail.com> + 99 others);
Tue, 2 May 2023 10:19:58 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38314 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233849AbjEBOTu (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 2 May 2023 10:19:50 -0400
Received: from smtp-relay-internal-0.canonical.com
(smtp-relay-internal-0.canonical.com [185.125.188.122])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 484C3E9
for <linux-kernel@vger.kernel.org>;
Tue, 2 May 2023 07:19:49 -0700 (PDT)
Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com
[209.85.218.70])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
server-digest SHA256)
(No client certificate requested)
by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id
A5CFC3F445
for <linux-kernel@vger.kernel.org>;
Tue, 2 May 2023 14:19:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
s=20210705; t=1683037183;
bh=YEbt8fJaJHySlZTdZRpdSbFwcXzeFhKie6WmHehZH00=;
h=From:To:Cc:Subject:Date:Message-Id:MIME-Version;
b=DKVJ+Zur1RXebmECPN8zKujN1W7Z+zyKs5JZkbep/04ljj6a8tHRn+Ha9tfFYtT3m
/ODtKG5LnGXbNXNVl1a5urwdQHq6R8a0cSSGW+0PUngZj45518GuXnHrKeGl2C5yNh
F4z5HmM6UpnIDWceuj0ssVus40G9jLkFKe1owrWlmOHQMd0P5TqMh5jdoTTeq4FHKc
ObD51jGVNAKtU5oEKaG1je47tPRFEjRyoGpjC4/hMKZFEZq85AOmah5ASg9hsaAopQ
USL7FaJf4X1RdiaTkA09xjqXS/qYAJETEhg2jA3h/zhse4j7hl64L//udFrhPReOlJ
rHWG/B0KwgrRQ==
Received: by mail-ej1-f70.google.com with SMTP id
a640c23a62f3a-94a356c74e0so383231166b.2
for <linux-kernel@vger.kernel.org>;
Tue, 02 May 2023 07:19:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1683037183; x=1685629183;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=YEbt8fJaJHySlZTdZRpdSbFwcXzeFhKie6WmHehZH00=;
b=YBmda+JNpaBEllbM4CVsRanwCPogW4BDoLXXLFYFQ5RivkmX7Tg15OsoR4ShiqNF60
JlWXhXuAj30q+u48pW4eFXD0d1xyE/Q0Xcxt5A1Qt7Qq1YK+vvGbWlRPJIeHkfV8o0FD
pPpQNU6ybnQUvfIYnSOzf7RuNmNqzlPit4sVB/XdOUnYwaRejzo3t0lYzBZHn0Rh0Ue7
2RB4O+cs019qykY0bWP36s4F7goNrOJlpyeU9Y+wH/Tt44QcSMXf74H6fFK4bUsEOkiV
WQCBoCAHrk5kkZGFINPIBnmUUpebEYPvyqWYt76e/yQfWO0nqNKDhpLMh/6ML8b5OLBD
/9/w==
X-Gm-Message-State: AC+VfDzszRKZpI0nl8gyZjQY2V+x4ZmnrnvgjaioR+F8A7Qe1RMZZw3v
zgAnwDniFZVr0TulDYt6zK923F2ugQdo724ULQvPGuJyueb29splX9ZRhk//oHH4NDJPAVAwftG
VFEt3m3HBMqsLe/UEmq7UvQ9Z+4kBNmThzAAVCw80aozS3FDzVc1h
X-Received: by 2002:a17:907:36c7:b0:94f:6025:be53 with SMTP id
bj7-20020a17090736c700b0094f6025be53mr82663ejc.50.1683037182991;
Tue, 02 May 2023 07:19:42 -0700 (PDT)
X-Received: by 2002:a17:907:36c7:b0:94f:6025:be53 with SMTP id
bj7-20020a17090736c700b0094f6025be53mr82651ejc.50.1683037182694;
Tue, 02 May 2023 07:19:42 -0700 (PDT)
Received: from amikhalitsyn.. ([62.168.35.11])
by smtp.gmail.com with ESMTPSA id
tk5-20020a170907c28500b0095004c87676sm16000802ejc.199.2023.05.02.07.19.41
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 02 May 2023 07:19:42 -0700 (PDT)
From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
To: mortonm@chromium.org
Cc: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] LSM: SafeSetID: fix UID printed instead of GID
Date: Tue, 2 May 2023 16:18:32 +0200
Message-Id: <20230502141832.217234-1-aleksandr.mikhalitsyn@canonical.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1764792835596251683?=
X-GMAIL-MSGID: =?utf-8?q?1764792835596251683?=
|
| Series |
LSM: SafeSetID: fix UID printed instead of GID
|
|
Commit Message
Aleksandr Mikhalitsyn
May 2, 2023, 2:18 p.m. UTC
pr_warn message clearly says that GID should be printed,
but we have UID there. Let's fix that.
Found accidentaly during the work on isolated user namespaces.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---
security/safesetid/lsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Hi Alexander,
kernel test robot noticed the following build errors:
[auto build test ERROR on pcmoore-audit/next]
[also build test ERROR on pcmoore-selinux/next linus/master v6.3 next-20230428]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Alexander-Mikhalitsyn/LSM-SafeSetID-fix-UID-printed-instead-of-GID/20230502-222024
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
patch link: https://lore.kernel.org/r/20230502141832.217234-1-aleksandr.mikhalitsyn%40canonical.com
patch subject: [PATCH] LSM: SafeSetID: fix UID printed instead of GID
config: mips-allyesconfig (https://download.01.org/0day-ci/archive/20230503/202305030431.SqnvfRsU-lkp@intel.com/config)
compiler: mips-linux-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/9feeb800b8aaabd299e4b9f2a81f04de983046c0
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Alexander-Mikhalitsyn/LSM-SafeSetID-fix-UID-printed-instead-of-GID/20230502-222024
git checkout 9feeb800b8aaabd299e4b9f2a81f04de983046c0
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=mips olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=mips SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202305030431.SqnvfRsU-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from include/asm-generic/bug.h:22,
from arch/mips/include/asm/bug.h:42,
from include/linux/bug.h:5,
from arch/mips/include/asm/cmpxchg.h:11,
from arch/mips/include/asm/atomic.h:23,
from include/linux/atomic.h:7,
from include/linux/rcupdate.h:25,
from include/linux/rbtree.h:24,
from include/linux/key.h:15,
from include/linux/security.h:27,
from include/linux/lsm_hooks.h:28,
from security/safesetid/lsm.c:17:
security/safesetid/lsm.c: In function 'safesetid_security_capable':
>> security/safesetid/lsm.c:134:40: error: incompatible type for argument 1 of '__kuid_val'
134 | __kuid_val(cred->gid));
| ~~~~^~~~~
| |
| kgid_t
include/linux/printk.h:427:33: note: in definition of macro 'printk_index_wrap'
427 | _p_func(_fmt, ##__VA_ARGS__); \
| ^~~~~~~~~~~
include/linux/printk.h:508:9: note: in expansion of macro 'printk'
508 | printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
| ^~~~~~
security/safesetid/lsm.c:133:17: note: in expansion of macro 'pr_warn'
133 | pr_warn("Operation requires CAP_SETGID, which is not available to GID %u for operations besides approved set*gid transitions\n",
| ^~~~~~~
In file included from include/linux/sysctl.h:29,
from include/linux/key.h:17:
include/linux/uidgid.h:34:39: note: expected 'kuid_t' but argument is of type 'kgid_t'
34 | static inline uid_t __kuid_val(kuid_t uid)
| ~~~~~~~^~~
vim +/__kuid_val +134 security/safesetid/lsm.c
16
> 17 #include <linux/lsm_hooks.h>
18 #include <linux/module.h>
19 #include <linux/ptrace.h>
20 #include <linux/sched/task_stack.h>
21 #include <linux/security.h>
22 #include "lsm.h"
23
24 /* Flag indicating whether initialization completed */
25 int safesetid_initialized __initdata;
26
27 struct setid_ruleset __rcu *safesetid_setuid_rules;
28 struct setid_ruleset __rcu *safesetid_setgid_rules;
29
30
31 /* Compute a decision for a transition from @src to @dst under @policy. */
32 enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
33 kid_t src, kid_t dst)
34 {
35 struct setid_rule *rule;
36 enum sid_policy_type result = SIDPOL_DEFAULT;
37
38 if (policy->type == UID) {
39 hash_for_each_possible(policy->rules, rule, next, __kuid_val(src.uid)) {
40 if (!uid_eq(rule->src_id.uid, src.uid))
41 continue;
42 if (uid_eq(rule->dst_id.uid, dst.uid))
43 return SIDPOL_ALLOWED;
44 result = SIDPOL_CONSTRAINED;
45 }
46 } else if (policy->type == GID) {
47 hash_for_each_possible(policy->rules, rule, next, __kgid_val(src.gid)) {
48 if (!gid_eq(rule->src_id.gid, src.gid))
49 continue;
50 if (gid_eq(rule->dst_id.gid, dst.gid)){
51 return SIDPOL_ALLOWED;
52 }
53 result = SIDPOL_CONSTRAINED;
54 }
55 } else {
56 /* Should not reach here, report the ID as contrainsted */
57 result = SIDPOL_CONSTRAINED;
58 }
59 return result;
60 }
61
62 /*
63 * Compute a decision for a transition from @src to @dst under the active
64 * policy.
65 */
66 static enum sid_policy_type setid_policy_lookup(kid_t src, kid_t dst, enum setid_type new_type)
67 {
68 enum sid_policy_type result = SIDPOL_DEFAULT;
69 struct setid_ruleset *pol;
70
71 rcu_read_lock();
72 if (new_type == UID)
73 pol = rcu_dereference(safesetid_setuid_rules);
74 else if (new_type == GID)
75 pol = rcu_dereference(safesetid_setgid_rules);
76 else { /* Should not reach here */
77 result = SIDPOL_CONSTRAINED;
78 rcu_read_unlock();
79 return result;
80 }
81
82 if (pol) {
83 pol->type = new_type;
84 result = _setid_policy_lookup(pol, src, dst);
85 }
86 rcu_read_unlock();
87 return result;
88 }
89
90 static int safesetid_security_capable(const struct cred *cred,
91 struct user_namespace *ns,
92 int cap,
93 unsigned int opts)
94 {
95 /* We're only interested in CAP_SETUID and CAP_SETGID. */
96 if (cap != CAP_SETUID && cap != CAP_SETGID)
97 return 0;
98
99 /*
100 * If CAP_SET{U/G}ID is currently used for a setid or setgroups syscall, we
101 * want to let it go through here; the real security check happens later, in
102 * the task_fix_set{u/g}id or task_fix_setgroups hooks.
103 */
104 if ((opts & CAP_OPT_INSETID) != 0)
105 return 0;
106
107 switch (cap) {
108 case CAP_SETUID:
109 /*
110 * If no policy applies to this task, allow the use of CAP_SETUID for
111 * other purposes.
112 */
113 if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)
114 return 0;
115 /*
116 * Reject use of CAP_SETUID for functionality other than calling
117 * set*uid() (e.g. setting up userns uid mappings).
118 */
119 pr_warn("Operation requires CAP_SETUID, which is not available to UID %u for operations besides approved set*uid transitions\n",
120 __kuid_val(cred->uid));
121 return -EPERM;
122 case CAP_SETGID:
123 /*
124 * If no policy applies to this task, allow the use of CAP_SETGID for
125 * other purposes.
126 */
127 if (setid_policy_lookup((kid_t){.gid = cred->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
128 return 0;
129 /*
130 * Reject use of CAP_SETUID for functionality other than calling
131 * set*gid() (e.g. setting up userns gid mappings).
132 */
133 pr_warn("Operation requires CAP_SETGID, which is not available to GID %u for operations besides approved set*gid transitions\n",
> 134 __kuid_val(cred->gid));
135 return -EPERM;
136 default:
137 /* Error, the only capabilities were checking for is CAP_SETUID/GID */
138 return 0;
139 }
140 return 0;
141 }
142
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index e806739f7868..6191e5ba0f70 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct cred *cred, * set*gid() (e.g. setting up userns gid mappings). */ pr_warn("Operation requires CAP_SETGID, which is not available to GID %u for operations besides approved set*gid transitions\n", - __kuid_val(cred->uid)); + __kuid_val(cred->gid)); return -EPERM; default: /* Error, the only capabilities were checking for is CAP_SETUID/GID */