diff options
| author | Tom Marshall <tdm.code@gmail.com> | 2017-01-25 18:01:03 +0100 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-05-21 19:16:22 +0200 |
| commit | b93332000206a6748fa7854991b9a221ffc73ec7 (patch) | |
| tree | 914ce9693c4abe00c1308b8717201666efb2a8cc /include | |
| parent | 9463ff35f8e31e6c88866dfc236c95a66747190c (diff) | |
kernel: Only expose su when daemon is running
It has been claimed that the PG implementation of 'su' has security
vulnerabilities even when disabled. Unfortunately, the people that
find these vulnerabilities often like to keep them private so they
can profit from exploits while leaving users exposed to malicious
hackers.
In order to reduce the attack surface for vulnerabilites, it is
therefore necessary to make 'su' completely inaccessible when it
is not in use (except by the root and system users).
Change-Id: I79716c72f74d0b7af34ec3a8054896c6559a181d
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/dcache.h | 7 | ||||
| -rw-r--r-- | include/linux/fs.h | 1 | ||||
| -rw-r--r-- | include/linux/sched.h | 8 | ||||
| -rw-r--r-- | include/linux/uidgid.h | 3 |
4 files changed, 19 insertions, 0 deletions
diff --git a/include/linux/dcache.h b/include/linux/dcache.h index e91a63f63..f2c042f1c 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -413,6 +413,13 @@ static inline bool d_mountpoint(struct dentry *dentry) return dentry->d_flags & DCACHE_MOUNTED; } +static inline bool d_is_su(const struct dentry *dentry) +{ + return dentry && + dentry->d_name.len == 2 && + !memcmp(dentry->d_name.name, "su", 2); +} + extern int sysctl_vfs_cache_pressure; #endif /* __LINUX_DCACHE_H */ diff --git a/include/linux/fs.h b/include/linux/fs.h index 8262b5403..fecb12f16 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1532,6 +1532,7 @@ typedef int (*filldir_t)(void *, const char *, int, loff_t, u64, unsigned); struct dir_context { const filldir_t actor; loff_t pos; + bool romnt; }; static inline bool dir_emit(struct dir_context *ctx, diff --git a/include/linux/sched.h b/include/linux/sched.h index 4b6320c37..66ba84fae 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -56,6 +56,12 @@ struct sched_param { #include <asm/processor.h> #include <linux/rtpm_prio.h> +int su_instances(void); +bool su_running(void); +bool su_visible(void); +void su_exec(void); +void su_exit(void); + struct exec_domain; struct futex_pi_state; struct robust_list_head; @@ -1789,6 +1795,8 @@ extern int task_free_unregister(struct notifier_block *n); #define task_in_mtkpasr(task) unlikely(task->flags & PF_MTKPASR) +#define PF_SU 0x00000002 /* task is su */ + /* * Only the _current_ task can read/write to tsk->flags, but other * tasks can access tsk->flags in readonly mode for example diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h index 8e522cbce..cb4c867a5 100644 --- a/include/linux/uidgid.h +++ b/include/linux/uidgid.h @@ -64,6 +64,9 @@ static inline gid_t __kgid_val(kgid_t gid) #define GLOBAL_ROOT_UID KUIDT_INIT(0) #define GLOBAL_ROOT_GID KGIDT_INIT(0) +#define GLOBAL_SYSTEM_UID KUIDT_INIT(1000) +#define GLOBAL_SYSTEM_GID KGIDT_INIT(1000) + #define INVALID_UID KUIDT_INIT(-1) #define INVALID_GID KGIDT_INIT(-1) |