[PATCH] LSM: SafeSetID: fix UID printed instead of GID
kernel test robot
lkp at intel.com
Tue May 2 21:03:24 UTC 2023
Hi Alexander,
kernel test robot noticed the following build errors:
[auto build test ERROR on pcmoore-audit/next]
[also build test ERROR on pcmoore-selinux/next linus/master v6.3 next-20230428]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Alexander-Mikhalitsyn/LSM-SafeSetID-fix-UID-printed-instead-of-GID/20230502-222024
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
patch link: https://lore.kernel.org/r/20230502141832.217234-1-aleksandr.mikhalitsyn%40canonical.com
patch subject: [PATCH] LSM: SafeSetID: fix UID printed instead of GID
config: mips-allyesconfig (https://download.01.org/0day-ci/archive/20230503/202305030431.SqnvfRsU-lkp@intel.com/config)
compiler: mips-linux-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/9feeb800b8aaabd299e4b9f2a81f04de983046c0
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Alexander-Mikhalitsyn/LSM-SafeSetID-fix-UID-printed-instead-of-GID/20230502-222024
git checkout 9feeb800b8aaabd299e4b9f2a81f04de983046c0
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=mips olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=mips SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp at intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202305030431.SqnvfRsU-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from include/asm-generic/bug.h:22,
from arch/mips/include/asm/bug.h:42,
from include/linux/bug.h:5,
from arch/mips/include/asm/cmpxchg.h:11,
from arch/mips/include/asm/atomic.h:23,
from include/linux/atomic.h:7,
from include/linux/rcupdate.h:25,
from include/linux/rbtree.h:24,
from include/linux/key.h:15,
from include/linux/security.h:27,
from include/linux/lsm_hooks.h:28,
from security/safesetid/lsm.c:17:
security/safesetid/lsm.c: In function 'safesetid_security_capable':
>> security/safesetid/lsm.c:134:40: error: incompatible type for argument 1 of '__kuid_val'
134 | __kuid_val(cred->gid));
| ~~~~^~~~~
| |
| kgid_t
include/linux/printk.h:427:33: note: in definition of macro 'printk_index_wrap'
427 | _p_func(_fmt, ##__VA_ARGS__); \
| ^~~~~~~~~~~
include/linux/printk.h:508:9: note: in expansion of macro 'printk'
508 | printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
| ^~~~~~
security/safesetid/lsm.c:133:17: note: in expansion of macro 'pr_warn'
133 | pr_warn("Operation requires CAP_SETGID, which is not available to GID %u for operations besides approved set*gid transitions\n",
| ^~~~~~~
In file included from include/linux/sysctl.h:29,
from include/linux/key.h:17:
include/linux/uidgid.h:34:39: note: expected 'kuid_t' but argument is of type 'kgid_t'
34 | static inline uid_t __kuid_val(kuid_t uid)
| ~~~~~~~^~~
vim +/__kuid_val +134 security/safesetid/lsm.c
16
> 17 #include <linux/lsm_hooks.h>
18 #include <linux/module.h>
19 #include <linux/ptrace.h>
20 #include <linux/sched/task_stack.h>
21 #include <linux/security.h>
22 #include "lsm.h"
23
24 /* Flag indicating whether initialization completed */
25 int safesetid_initialized __initdata;
26
27 struct setid_ruleset __rcu *safesetid_setuid_rules;
28 struct setid_ruleset __rcu *safesetid_setgid_rules;
29
30
31 /* Compute a decision for a transition from @src to @dst under @policy. */
32 enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
33 kid_t src, kid_t dst)
34 {
35 struct setid_rule *rule;
36 enum sid_policy_type result = SIDPOL_DEFAULT;
37
38 if (policy->type == UID) {
39 hash_for_each_possible(policy->rules, rule, next, __kuid_val(src.uid)) {
40 if (!uid_eq(rule->src_id.uid, src.uid))
41 continue;
42 if (uid_eq(rule->dst_id.uid, dst.uid))
43 return SIDPOL_ALLOWED;
44 result = SIDPOL_CONSTRAINED;
45 }
46 } else if (policy->type == GID) {
47 hash_for_each_possible(policy->rules, rule, next, __kgid_val(src.gid)) {
48 if (!gid_eq(rule->src_id.gid, src.gid))
49 continue;
50 if (gid_eq(rule->dst_id.gid, dst.gid)){
51 return SIDPOL_ALLOWED;
52 }
53 result = SIDPOL_CONSTRAINED;
54 }
55 } else {
56 /* Should not reach here, report the ID as contrainsted */
57 result = SIDPOL_CONSTRAINED;
58 }
59 return result;
60 }
61
62 /*
63 * Compute a decision for a transition from @src to @dst under the active
64 * policy.
65 */
66 static enum sid_policy_type setid_policy_lookup(kid_t src, kid_t dst, enum setid_type new_type)
67 {
68 enum sid_policy_type result = SIDPOL_DEFAULT;
69 struct setid_ruleset *pol;
70
71 rcu_read_lock();
72 if (new_type == UID)
73 pol = rcu_dereference(safesetid_setuid_rules);
74 else if (new_type == GID)
75 pol = rcu_dereference(safesetid_setgid_rules);
76 else { /* Should not reach here */
77 result = SIDPOL_CONSTRAINED;
78 rcu_read_unlock();
79 return result;
80 }
81
82 if (pol) {
83 pol->type = new_type;
84 result = _setid_policy_lookup(pol, src, dst);
85 }
86 rcu_read_unlock();
87 return result;
88 }
89
90 static int safesetid_security_capable(const struct cred *cred,
91 struct user_namespace *ns,
92 int cap,
93 unsigned int opts)
94 {
95 /* We're only interested in CAP_SETUID and CAP_SETGID. */
96 if (cap != CAP_SETUID && cap != CAP_SETGID)
97 return 0;
98
99 /*
100 * If CAP_SET{U/G}ID is currently used for a setid or setgroups syscall, we
101 * want to let it go through here; the real security check happens later, in
102 * the task_fix_set{u/g}id or task_fix_setgroups hooks.
103 */
104 if ((opts & CAP_OPT_INSETID) != 0)
105 return 0;
106
107 switch (cap) {
108 case CAP_SETUID:
109 /*
110 * If no policy applies to this task, allow the use of CAP_SETUID for
111 * other purposes.
112 */
113 if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)
114 return 0;
115 /*
116 * Reject use of CAP_SETUID for functionality other than calling
117 * set*uid() (e.g. setting up userns uid mappings).
118 */
119 pr_warn("Operation requires CAP_SETUID, which is not available to UID %u for operations besides approved set*uid transitions\n",
120 __kuid_val(cred->uid));
121 return -EPERM;
122 case CAP_SETGID:
123 /*
124 * If no policy applies to this task, allow the use of CAP_SETGID for
125 * other purposes.
126 */
127 if (setid_policy_lookup((kid_t){.gid = cred->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
128 return 0;
129 /*
130 * Reject use of CAP_SETUID for functionality other than calling
131 * set*gid() (e.g. setting up userns gid mappings).
132 */
133 pr_warn("Operation requires CAP_SETGID, which is not available to GID %u for operations besides approved set*gid transitions\n",
> 134 __kuid_val(cred->gid));
135 return -EPERM;
136 default:
137 /* Error, the only capabilities were checking for is CAP_SETUID/GID */
138 return 0;
139 }
140 return 0;
141 }
142
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
More information about the Linux-security-module-archive
mailing list