- 03 6月, 2016 1 次提交
-
-
由 Stephan Mueller 提交于
The values computed during Diffie-Hellman key exchange are often used in combination with key derivation functions to create cryptographic keys. Add a placeholder for a later implementation to configure a key derivation function that will transform the Diffie-Hellman result returned by the KEYCTL_DH_COMPUTE command. [This patch was stripped down from a patch produced by Mat Martineau that had a bug in the compat code - so for the moment Stephan's patch simply requires that the placeholder argument must be NULL] Original-signed-off-by: NMat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: NStephan Mueller <smueller@chronox.de> Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 18 5月, 2016 1 次提交
-
-
由 Kees Cook 提交于
This document attempts to codify the intent around kernel self-protection along with discussion of both existing and desired technologies, with attention given to the rationale behind them, and the expectations of their usage. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NRandy Dunlap <rdunlap@infradead.org> [jc: applied fixes suggested by Randy] Reviewed-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NJonathan Corbet <corbet@lwn.net>
-
- 21 4月, 2016 1 次提交
-
-
由 Kees Cook 提交于
This LSM enforces that kernel-loaded files (modules, firmware, etc) must all come from the same filesystem, with the expectation that such a filesystem is backed by a read-only device such as dm-verity or CDROM. This allows systems that have a verified and/or unchangeable filesystem to enforce module and firmware loading restrictions without needing to sign the files individually. Signed-off-by: NKees Cook <keescook@chromium.org> Acked-by: NSerge Hallyn <serge.hallyn@canonical.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 13 4月, 2016 1 次提交
-
-
由 Mat Martineau 提交于
This adds userspace access to Diffie-Hellman computations through a new keyctl() syscall command to calculate shared secrets or public keys using input parameters stored in the keyring. Input key ids are provided in a struct due to the current 5-arg limit for the keyctl syscall. Only user keys are supported in order to avoid exposing the content of logon or encrypted keys. The output is written to the provided buffer, based on the assumption that the values are only needed in userspace. Future support for other types of key derivation would involve a new command, like KEYCTL_ECDH_COMPUTE. Once Diffie-Hellman support is included in the crypto API, this code can be converted to use the crypto API to take advantage of possible hardware acceleration and reduce redundant code. Signed-off-by: NMat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 12 4月, 2016 1 次提交
-
-
由 David Howells 提交于
Add a facility whereby proposed new links to be added to a keyring can be vetted, permitting them to be rejected if necessary. This can be used to block public keys from which the signature cannot be verified or for which the signature verification fails. It could also be used to provide blacklisting. This affects operations like add_key(), KEYCTL_LINK and KEYCTL_INSTANTIATE. To this end: (1) A function pointer is added to the key struct that, if set, points to the vetting function. This is called as: int (*restrict_link)(struct key *keyring, const struct key_type *key_type, unsigned long key_flags, const union key_payload *key_payload), where 'keyring' will be the keyring being added to, key_type and key_payload will describe the key being added and key_flags[*] can be AND'ed with KEY_FLAG_TRUSTED. [*] This parameter will be removed in a later patch when KEY_FLAG_TRUSTED is removed. The function should return 0 to allow the link to take place or an error (typically -ENOKEY, -ENOPKG or -EKEYREJECTED) to reject the link. The pointer should not be set directly, but rather should be set through keyring_alloc(). Note that if called during add_key(), preparse is called before this method, but a key isn't actually allocated until after this function is called. (2) KEY_ALLOC_BYPASS_RESTRICTION is added. This can be passed to key_create_or_update() or key_instantiate_and_link() to bypass the restriction check. (3) KEY_FLAG_TRUSTED_ONLY is removed. The entire contents of a keyring with this restriction emplaced can be considered 'trustworthy' by virtue of being in the keyring when that keyring is consulted. (4) key_alloc() and keyring_alloc() take an extra argument that will be used to set restrict_link in the new key. This ensures that the pointer is set before the key is published, thus preventing a window of unrestrictedness. Normally this argument will be NULL. (5) As a temporary affair, keyring_restrict_trusted_only() is added. It should be passed to keyring_alloc() as the extra argument instead of setting KEY_FLAG_TRUSTED_ONLY on a keyring. This will be replaced in a later patch with functions that look in the appropriate places for authoritative keys. Signed-off-by: NDavid Howells <dhowells@redhat.com> Reviewed-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
- 20 12月, 2015 2 次提交
-
-
由 Jarkko Sakkinen 提交于
TPM2 supports authorization policies, which are essentially combinational logic statements repsenting the conditions where the data can be unsealed based on the TPM state. This patch enables to use authorization policies to seal trusted keys. Two following new options have been added for trusted keys: * 'policydigest=': provide an auth policy digest for sealing. * 'policyhandle=': provide a policy session handle for unsealing. If 'hash=' option is supplied after 'policydigest=' option, this will result an error because the state of the option would become mixed. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NColin Ian King <colin.king@canonical.com> Reviewed-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jarkko Sakkinen 提交于
Added 'hash=' option for selecting the hash algorithm for add_key() syscall and documentation for it. Added entry for sm3-256 to the following tables in order to support TPM_ALG_SM3_256: * hash_algo_name * hash_digest_size Includes support for the following hash algorithms: * sha1 * sha256 * sha384 * sha512 * sm3-256 Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NColin Ian King <colin.king@canonical.com> Reviewed-by: NJames Morris <james.l.morris@oracle.com> Reviewed-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NPeter Huewe <peterhuewe@gmx.de>
-
- 21 10月, 2015 1 次提交
-
-
由 David Howells 提交于
Merge the type-specific data with the payload data into one four-word chunk as it seems pointless to keep them separate. Use user_key_payload() for accessing the payloads of overloaded user-defined keys. Signed-off-by: NDavid Howells <dhowells@redhat.com> cc: linux-cifs@vger.kernel.org cc: ecryptfs@vger.kernel.org cc: linux-ext4@vger.kernel.org cc: linux-f2fs-devel@lists.sourceforge.net cc: linux-nfs@vger.kernel.org cc: ceph-devel@vger.kernel.org cc: linux-ima-devel@lists.sourceforge.net
-
- 20 10月, 2015 1 次提交
-
-
由 Zbigniew Jasinski 提交于
This feature introduces new kernel interface: - <smack_fs>/relabel-self - for setting transition labels list This list is used to control smack label transition mechanism. List is set by, and per process. Process can transit to new label only if label is on the list. Only process with CAP_MAC_ADMIN capability can add labels to this list. With this list, process can change it's label without CAP_MAC_ADMIN but only once. After label changing, list is unset. Changes in v2: * use list_for_each_entry instead of _rcu during label write * added missing description in security/Smack.txt Changes in v3: * squashed into one commit Changes in v4: * switch from global list to per-task list * since the per-task list is accessed only by the task itself there is no need to use synchronization mechanisms on it Changes in v5: * change smackfs interface of relabel-self to the one used for onlycap multiple labels are accepted, separated by space, which replace the previous list upon write Signed-off-by: NZbigniew Jasinski <z.jasinski@samsung.com> Signed-off-by: NRafal Krypa <r.krypa@samsung.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 28 7月, 2015 2 次提交
-
-
由 Casey Schaufler 提交于
IPv6 appears to be (finally) coming of age with the influx of autonomous devices. In support of this, add the ability to associate a Smack label with IPv6 addresses. This patch also cleans up some of the conditional compilation associated with the introduction of secmark processing. It's now more obvious which bit of code goes with which feature. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Kees Cook 提交于
Now that minor LSMs can cleanly stack with major LSMs, remove the unneeded config for Yama to be made to explicitly stack. Just selecting the main Yama CONFIG will allow it to work, regardless of the major LSM. Since distros using Yama are already forcing it to stack, this is effectively a no-op change. Additionally add MAINTAINERS entry. Signed-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 03 6月, 2015 1 次提交
-
-
由 Rafal Krypa 提交于
Smack onlycap allows limiting of CAP_MAC_ADMIN and CAP_MAC_OVERRIDE to processes running with the configured label. But having single privileged label is not enough in some real use cases. On a complex system like Tizen, there maybe few programs that need to configure Smack policy in run-time and running them all with a single label is not always practical. This patch extends onlycap feature for multiple labels. They are configured in the same smackfs "onlycap" interface, separated by spaces. Signed-off-by: NRafal Krypa <r.krypa@samsung.com>
-
- 01 4月, 2015 1 次提交
-
-
由 Casey Schaufler 提交于
Document the Smack bringup features. Update the proper location for mounting smackfs from /smack to /sys/fs/smackfs. Fix some spelling errors. Suggest the use of the load2 interface instead of the load interface. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 23 1月, 2015 1 次提交
-
-
由 David Howells 提交于
Now that /proc/keys is used by libkeyutils to look up a key by type and description, we should make it unconditional and remove CONFIG_DEBUG_PROC_KEYS. Reported-by: NJiri Kosina <jkosina@suse.cz> Signed-off-by: NDavid Howells <dhowells@redhat.com> Tested-by: NJiri Kosina <jkosina@suse.cz>
-
- 13 10月, 2014 1 次提交
-
-
由 Roberto Sassu 提交于
This patch allows users to provide a custom template format through the new kernel command line parameter 'ima_template_fmt'. If the supplied format is not valid, IMA uses the default template descriptor. Changelog: - v3: - added check for 'fields' and 'num_fields' in template_desc_init_fields() (suggested by Mimi Zohar) - v2: - using template_desc_init_fields() to validate a format string (Roberto Sassu) - updated documentation by stating that only the chosen template descriptor is initialized (Roberto Sassu) - v1: - simplified code of ima_template_fmt_setup() (Roberto Sassu, suggested by Mimi Zohar) Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
- 17 9月, 2014 1 次提交
-
-
由 David Howells 提交于
Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NVivek Goyal <vgoyal@redhat.com>
-
- 23 7月, 2014 2 次提交
-
-
由 David Howells 提交于
Call the ->free_preparse() key type op even after ->preparse() returns an error as it does cleaning up type stuff. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSteve Dickson <steved@redhat.com> Acked-by: NJeff Layton <jlayton@primarydata.com> Reviewed-by: NSage Weil <sage@redhat.com>
-
由 David Howells 提交于
Allow a key type's preparsing routine to set the expiry time for a key. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSteve Dickson <steved@redhat.com> Acked-by: NJeff Layton <jlayton@primarydata.com> Reviewed-by: NSage Weil <sage@redhat.com>
-
- 19 6月, 2014 1 次提交
-
-
由 Pranith Kumar 提交于
kerneltrap.org no longer works, update to a working reference Signed-off-by: NPranith Kumar <bobby.prani@gmail.com> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
-
- 05 5月, 2014 1 次提交
-
-
由 Carlos Garcia 提交于
Fixed multiple spelling errors. Acked-by: NRandy Dunlap <rdunlap@infradead.org> Signed-off-by: NCarlos E. Garcia <carlos@cgarcia.org> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
-
- 12 4月, 2014 1 次提交
-
-
由 Lukasz Pawelczyk 提交于
This allows to limit ptrace beyond the regular smack access rules. It adds a smackfs/ptrace interface that allows smack to be configured to require equal smack labels for PTRACE_MODE_ATTACH access. See the changes in Documentation/security/Smack.txt below for details. Signed-off-by: NLukasz Pawelczyk <l.pawelczyk@partner.samsung.com> Signed-off-by: NRafal Krypa <r.krypa@samsung.com>
-
- 21 3月, 2014 1 次提交
-
-
由 Masanari Iida 提交于
Fix double words "the the" in various files within Documentations. Signed-off-by: NMasanari Iida <standby24x7@gmail.com> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
-
- 03 1月, 2014 1 次提交
-
-
由 Mimi Zohar 提交于
Patch "ima: extend the measurement list to include the file signature" defined a new field called 'sig' and a new template called 'ima-sig'. This patch updates the Documentation/security/IMA-templates.txt. Changelog: - fixed formatting issues (Roberto Sassu) Reported-by: NRoberto Sassu <roberto.sassu@polito.it> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
-
- 26 10月, 2013 1 次提交
-
-
由 Roberto Sassu 提交于
The original 'ima' template is fixed length, containing the filedata hash and pathname. The filedata hash is limited to 20 bytes (md5/sha1). The pathname is a null terminated string, limited to 255 characters. To overcome these limitations and to add additional file metadata, it is necessary to extend the current version of IMA by defining additional templates. The main reason to introduce this feature is that, each time a new template is defined, the functions that generate and display the measurement list would include the code for handling a new format and, thus, would significantly grow over time. This patch set solves this problem by separating the template management from the remaining IMA code. The core of this solution is the definition of two new data structures: a template descriptor, to determine which information should be included in the measurement list, and a template field, to generate and display data of a given type. To define a new template field, developers define the field identifier and implement two functions, init() and show(), respectively to generate and display measurement entries. Initially, this patch set defines the following template fields (support for additional data types will be added later): - 'd': the digest of the event (i.e. the digest of a measured file), calculated with the SHA1 or MD5 hash algorithm; - 'n': the name of the event (i.e. the file name), with size up to 255 bytes; - 'd-ng': the digest of the event, calculated with an arbitrary hash algorithm (field format: [<hash algo>:]digest, where the digest prefix is shown only if the hash algorithm is not SHA1 or MD5); - 'n-ng': the name of the event, without size limitations. Defining a new template descriptor requires specifying the template format, a string of field identifiers separated by the '|' character. This patch set defines the following template descriptors: - "ima": its format is 'd|n'; - "ima-ng" (default): its format is 'd-ng|n-ng' Further details about the new template architecture can be found in Documentation/security/IMA-templates.txt. Changelog: - don't defer calling ima_init_template() - Mimi - don't define ima_lookup_template_desc() until used - Mimi - squashed with documentation patch - Mimi Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
- 24 9月, 2013 2 次提交
-
-
由 David Howells 提交于
Define a __key_get() wrapper to use rather than atomic_inc() on the key usage count as this makes it easier to hook in refcount error debugging. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 David Howells 提交于
Make make_key_ref() take a bool possession parameter and make is_key_possessed() return a bool. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 20 3月, 2013 1 次提交
-
-
由 Rafal Krypa 提交于
Rule modifications are enabled via /smack/change-rule. Format is as follows: "Subject Object rwaxt rwaxt" First two strings are subject and object labels up to 255 characters. Third string contains permissions to enable. Fourth string contains permissions to disable. All unmentioned permissions will be left unchanged. If no rule previously existed, it will be created. Targeted for git://git.gitorious.org/smack-next/kernel.gitSigned-off-by: NRafal Krypa <r.krypa@samsung.com>
-
- 18 12月, 2012 1 次提交
-
-
由 Jarkko Sakkinen 提交于
keys-ecryptfs.txt was missing from 00-INDEX. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 08 10月, 2012 1 次提交
-
-
由 David Howells 提交于
Give the key type the opportunity to preparse the payload prior to the instantiation and update routines being called. This is done with the provision of two new key type operations: int (*preparse)(struct key_preparsed_payload *prep); void (*free_preparse)(struct key_preparsed_payload *prep); If the first operation is present, then it is called before key creation (in the add/update case) or before the key semaphore is taken (in the update and instantiate cases). The second operation is called to clean up if the first was called. preparse() is given the opportunity to fill in the following structure: struct key_preparsed_payload { char *description; void *type_data[2]; void *payload; const void *data; size_t datalen; size_t quotalen; }; Before the preparser is called, the first three fields will have been cleared, the payload pointer and size will be stored in data and datalen and the default quota size from the key_type struct will be stored into quotalen. The preparser may parse the payload in any way it likes and may store data in the type_data[] and payload fields for use by the instantiate() and update() ops. The preparser may also propose a description for the key by attaching it as a string to the description field. This can be used by passing a NULL or "" description to the add_key() system call or the key_create_or_update() function. This cannot work with request_key() as that required the description to tell the upcall about the key to be created. This, for example permits keys that store PGP public keys to generate their own name from the user ID and public key fingerprint in the key. The instantiate() and update() operations are then modified to look like this: int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); int (*update)(struct key *key, struct key_preparsed_payload *prep); and the new payload data is passed in *prep, whether or not it was preparsed. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
-
- 03 10月, 2012 1 次提交
-
-
由 David Howells 提交于
Use keyring_alloc() to create special keyrings now that it has a permissions parameter rather than using key_alloc() + key_instantiate_and_link(). Also document and export keyring_alloc() so that modules can use it too. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 27 9月, 2012 1 次提交
-
-
由 Daniel Wagner 提交于
The userland git repository has been moved to a new place. Signed-off-by: NDaniel Wagner <daniel.wagner@bmw-carit.de> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: Rob Landley <rob@landley.net> Cc: linux-security-module@vger.kernel.org Cc: lkml@vger.kernel.org
-
- 19 9月, 2012 1 次提交
-
-
由 Rafal Krypa 提交于
Add /smack/revoke-subject special file. Writing a SMACK label to this file will set the access to '-' for all access rules with that subject label. Targeted for git://git.gitorious.org/smack-next/kernel.gitSigned-off-by: NRafal Krypa <r.krypa@samsung.com>
-
- 13 9月, 2012 1 次提交
-
-
由 David Howells 提交于
Give the key type the opportunity to preparse the payload prior to the instantiation and update routines being called. This is done with the provision of two new key type operations: int (*preparse)(struct key_preparsed_payload *prep); void (*free_preparse)(struct key_preparsed_payload *prep); If the first operation is present, then it is called before key creation (in the add/update case) or before the key semaphore is taken (in the update and instantiate cases). The second operation is called to clean up if the first was called. preparse() is given the opportunity to fill in the following structure: struct key_preparsed_payload { char *description; void *type_data[2]; void *payload; const void *data; size_t datalen; size_t quotalen; }; Before the preparser is called, the first three fields will have been cleared, the payload pointer and size will be stored in data and datalen and the default quota size from the key_type struct will be stored into quotalen. The preparser may parse the payload in any way it likes and may store data in the type_data[] and payload fields for use by the instantiate() and update() ops. The preparser may also propose a description for the key by attaching it as a string to the description field. This can be used by passing a NULL or "" description to the add_key() system call or the key_create_or_update() function. This cannot work with request_key() as that required the description to tell the upcall about the key to be created. This, for example permits keys that store PGP public keys to generate their own name from the user ID and public key fingerprint in the key. The instantiate() and update() operations are then modified to look like this: int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); int (*update)(struct key *key, struct key_preparsed_payload *prep); and the new payload data is passed in *prep, whether or not it was preparsed. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 10 8月, 2012 1 次提交
-
-
由 Kees Cook 提交于
The higher ptrace restriction levels should be blocking even PTRACE_TRACEME requests. The comments in the LSM documentation are misleading about when the checks happen (the parent does not go through security_ptrace_access_check() on a PTRACE_TRACEME call). Signed-off-by: NKees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org # 3.5.x and later Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 15 5月, 2012 1 次提交
-
-
由 Casey Schaufler 提交于
V4 updated to current linux-security#next Targeted for git://gitorious.org/smack-next/kernel.git Modern application runtime environments like to use naming schemes that are structured and generated without human intervention. Even though the Smack limit of 23 characters for a label name is perfectly rational for human use there have been complaints that the limit is a problem in environments where names are composed from a set or sources, including vendor, author, distribution channel and application name. Names like softwarehouse-pgwodehouse-coolappstore-mellowmuskrats are becoming harder to avoid. This patch introduces long label support in Smack. Labels are now limited to 255 characters instead of the old 23. The primary reason for limiting the labels to 23 characters was so they could be directly contained in CIPSO category sets. This is still done were possible, but for labels that are too large a mapping is required. This is perfectly safe for communication that stays "on the box" and doesn't require much coordination between boxes beyond what would have been required to keep label names consistent. The bulk of this patch is in smackfs, adding and updating administrative interfaces. Because existing APIs can't be changed new ones that do much the same things as old ones have been introduced. The Smack specific CIPSO data representation has been removed and replaced with the data format used by netlabel. The CIPSO header is now computed when a label is imported rather than on use. This results in improved IP performance. The smack label is now allocated separately from the containing structure, allowing for larger strings. Four new /smack interfaces have been introduced as four of the old interfaces strictly required labels be specified in fixed length arrays. The access interface is supplemented with the check interface: access "Subject Object rwxat" access2 "Subject Object rwaxt" The load interface is supplemented with the rules interface: load "Subject Object rwxat" load2 "Subject Object rwaxt" The load-self interface is supplemented with the self-rules interface: load-self "Subject Object rwxat" load-self2 "Subject Object rwaxt" The cipso interface is supplemented with the wire interface: cipso "Subject lvl cnt c1 c2 ..." cipso2 "Subject lvl cnt c1 c2 ..." The old interfaces are maintained for compatibility. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 11 5月, 2012 1 次提交
-
-
由 David Howells 提交于
Add support for invalidating a key - which renders it immediately invisible to further searches and causes the garbage collector to immediately wake up, remove it from keyrings and then destroy it when it's no longer referenced. It's better not to do this with keyctl_revoke() as that marks the key to start returning -EKEYREVOKED to searches when what is actually desired is to have the key refetched. To invalidate a key the caller must be granted SEARCH permission by the key. This may be too strict. It may be better to also permit invalidation if the caller has any of READ, WRITE or SETATTR permission. The primary use for this is to evict keys that are cached in special keyrings, such as the DNS resolver or an ID mapper. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 26 4月, 2012 1 次提交
-
-
由 Jeff Layton 提交于
Acked-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJeff Layton <jlayton@redhat.com>
-
- 19 4月, 2012 1 次提交
-
-
由 Kees Cook 提交于
This expands the available Yama ptrace restrictions to include two more modes. Mode 2 requires CAP_SYS_PTRACE for PTRACE_ATTACH, and mode 3 completely disables PTRACE_ATTACH (and locks the sysctl). Signed-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 07 3月, 2012 1 次提交
-
-
由 Masanari Iida 提交于
Signed-off-by: NMasanari Iida <standby24x7@gmail.com> Acked-by: NRandy Dunlap <rdunlap@xenotime.net> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
-
- 16 2月, 2012 1 次提交
-
-
由 Kees Cook 提交于
For a process to entirely disable Yama ptrace restrictions, it can use the special PR_SET_PTRACER_ANY pid to indicate that any otherwise allowed process may ptrace it. This is stronger than calling PR_SET_PTRACER with pid "1" because it includes processes in external pid namespaces. This is currently needed by the Chrome renderer, since its crash handler (Breakpad) runs external to the renderer's pid namespace. Signed-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-