[PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
James Morris
jmorris at namei.org
Fri Mar 29 18:06:37 UTC 2019
On Tue, 5 Mar 2019, mortonm at chromium.org wrote:
> From: Micah Morton <mortonm at chromium.org>
>
> This patch generalizes the 'task_fix_setuid' LSM hook to enable hooking
> setgid transitions as well as setuid transitions. The hook is renamed to
> 'task_fix_setid'. The patch introduces calls to this hook from the
> setgid functions in kernel/sys.c. This will allow the SafeSetID LSM to
> govern setgid transitions in addition to setuid transitions. This patch
> also makes sure the setgid functions in kernel/sys.c call
> security_capable_setid rather than the ordinary security_capable
> function, so that the security_capable hook in the SafeSetID LSM knows
> it is being invoked from a setid function.
>
> Signed-off-by: Micah Morton <mortonm at chromium.org>
Wondering if there are any further comments or reviews for this before it
is merged?
--
James Morris
<jmorris at namei.org>