Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

[PATCH] selinux: add executable heap check

This patch, based on sample code by Roland McGrath, adds an execheap
permission check that controls the ability to make the heap executable so
that this can be prevented in almost all cases (the X server is presently
an exception, but this will hopefully be resolved in the future) so that
even programs with execmem permission will need to have the anonymous
memory mapped in order to make it executable.

The only reason that we use a permission check for such restriction (vs.
making it unconditional) is that the X module loader presently needs it; it
could possibly be made unconditional in the future when X is changed.

The policy patch for the execheap permission is available at:
http://pearls.tuxedo-es.org/patches/selinux/policy-execheap.patch

Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
Acked-by: James Morris <jmorris@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by Lorenzo Hernández García-Hierro and committed by Linus Torvalds
09ffd94f 6b992197

+13
+11
security/selinux/hooks.c
··· 2477 2477 prot = reqprot; 2478 2478 2479 2479 #ifndef CONFIG_PPC32 2480 + if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) && 2481 + (vma->vm_start >= vma->vm_mm->start_brk && 2482 + vma->vm_end <= vma->vm_mm->brk)) { 2483 + /* 2484 + * We are making an executable mapping in the brk region. 2485 + * This has an additional execheap check. 2486 + */ 2487 + rc = task_has_perm(current, current, PROCESS__EXECHEAP); 2488 + if (rc) 2489 + return rc; 2490 + } 2480 2491 if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) { 2481 2492 /* 2482 2493 * We are making executable a file mapping that has
+1
security/selinux/include/av_perm_to_string.h
··· 71 71 S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") 72 72 S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") 73 73 S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") 74 + S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") 74 75 S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") 75 76 S_(SECCLASS_MSG, MSG__SEND, "send") 76 77 S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
+1
security/selinux/include/av_permissions.h
··· 466 466 #define PROCESS__SETCURRENT 0x01000000UL 467 467 #define PROCESS__EXECMEM 0x02000000UL 468 468 #define PROCESS__EXECSTACK 0x04000000UL 469 + #define PROCESS__EXECHEAP 0x08000000UL 469 470 470 471 #define IPC__CREATE 0x00000001UL 471 472 #define IPC__DESTROY 0x00000002UL
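Review bot: in security/selinux/hooks.c the brk test requires the whole VMA to lie inside the heap (vm_start >= start_brk && vm_end <= brk), so a VMA that only partly overlaps the brk region skips the execheap check and falls through to the checks that follow. Since vm_end is a VMA boundary while brk is whatever the program last set, please either test for overlap with the [start_brk, brk) range or say in the comment why full containment is enough. The block also sits under #ifndef CONFIG_PPC32, so execheap is never checked on PPC32; that is worth stating in the comment or the commit message.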
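Review bot: in security/selinux/include/av_permissions.h the new PROCESS__EXECHEAP value 0x08000000UL, together with the matching "execheap" entry in av_perm_to_string.h, has to agree with the position execheap gets in the process class of the policy patch linked in the commit message. Please say in the commit message that the kernel and policy patches must be applied together, or state what happens when this kernel runs against a policy that does not define the permission.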