[PATCH V3 09/10] capabilities: fix logic for effective root or real root

[PATCH V3 00/10] capabilities: do not audit log BPRM_FCAPS on set*id · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 01/10] capabilities: factor out cap_bprm_set_creds privileged root · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 01/10] capabilities: factor out cap_bprm_set_creds privileged root · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 01/10] capabilities: factor out cap_bprm_set_creds privileged root · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 01/10] capabilities: factor out cap_bprm_set_creds privileged root · Richard Guy Briggs <hidden> · 2017-08-25
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · Richard Guy Briggs <hidden> · 2017-08-24
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · Kees Cook <hidden> · 2017-08-24
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · paul@paul-moore.com (Paul Moore) · 2017-08-24
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · Richard Guy Briggs <hidden> · 2017-08-28
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · Richard Guy Briggs <hidden> · 2017-08-28
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · Richard Guy Briggs <hidden> · 2017-09-01
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · serge@hallyn.com (Serge E. Hallyn) · 2017-09-02
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · Richard Guy Briggs <hidden> · 2017-09-04
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · Richard Guy Briggs <hidden> · 2017-09-05
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · luto@kernel.org (Andy Lutomirski) · 2017-08-25
[PATCH V3 02/10] capabilities: intuitive names for cap gain status · serge@hallyn.com (Serge E. Hallyn) · 2017-08-25
[PATCH V3 03/10] capabilities: rename has_cap to has_fcap · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 03/10] capabilities: rename has_cap to has_fcap · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 03/10] capabilities: rename has_cap to has_fcap · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic · Richard Guy Briggs <hidden> · 2017-08-28
[PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic · serge@hallyn.com (Serge E. Hallyn) · 2017-08-31
[PATCH V3 05/10] capabilities: use intuitive names for id changes · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 05/10] capabilities: use intuitive names for id changes · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 05/10] capabilities: use intuitive names for id changes · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 05/10] capabilities: use intuitive names for id changes · luto@kernel.org (Andy Lutomirski) · 2017-08-25
[PATCH V3 05/10] capabilities: use intuitive names for id changes · serge@hallyn.com (Serge E. Hallyn) · 2017-08-25
[PATCH V3 05/10] capabilities: use intuitive names for id changes · luto@amacapital.net (Andy Lutomirski) · 2017-08-25
[PATCH V3 05/10] capabilities: use intuitive names for id changes · serge@hallyn.com (Serge E. Hallyn) · 2017-08-25
[PATCH V3 05/10] capabilities: use intuitive names for id changes · jmorris@namei.org (James Morris) · 2017-08-28
[PATCH V3 05/10] capabilities: use intuitive names for id changes · Richard Guy Briggs <hidden> · 2017-08-28
[PATCH V3 05/10] capabilities: use intuitive names for id changes · luto@amacapital.net (Andy Lutomirski) · 2017-08-28
[PATCH V3 06/10] capabilities: move audit log decision to function · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 06/10] capabilities: move audit log decision to function · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 06/10] capabilities: move audit log decision to function · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 07/10] capabilities: remove a layer of conditional logic · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 07/10] capabilities: remove a layer of conditional logic · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 07/10] capabilities: remove a layer of conditional logic · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 07/10] capabilities: remove a layer of conditional logic · luto@kernel.org (Andy Lutomirski) · 2017-08-25
[PATCH V3 07/10] capabilities: remove a layer of conditional logic · serge@hallyn.com (Serge E. Hallyn) · 2017-08-25
[PATCH V3 08/10] capabilities: invert logic for clarity · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 08/10] capabilities: invert logic for clarity · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 08/10] capabilities: invert logic for clarity · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 09/10] capabilities: fix logic for effective root or real root · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 09/10] capabilities: fix logic for effective root or real root · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 09/10] capabilities: fix logic for effective root or real root · Richard Guy Briggs <hidden> · 2017-08-24
[PATCH V3 09/10] capabilities: fix logic for effective root or real root · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 09/10] capabilities: fix logic for effective root or real root · jmorris@namei.org (James Morris) · 2017-08-25
[PATCH V3 10/10] capabilities: audit log other surprising conditions · Richard Guy Briggs <hidden> · 2017-08-23
[PATCH V3 10/10] capabilities: audit log other surprising conditions · serge@hallyn.com (Serge E. Hallyn) · 2017-08-24
[PATCH V3 10/10] capabilities: audit log other surprising conditions · jmorris@namei.org (James Morris) · 2017-08-25

STALE3190d REVIEWED: 2 (2M)

From: serge@hallyn.com (Serge E. Hallyn)
Date: 2017-08-24 16:29:46

Quoting Richard Guy Briggs (rgb at redhat.com):

Now that the logic is inverted, it is much easier to see that both real root
and effective root conditions had to be met to avoid printing the BPRM_FCAPS
record with audit syscalls.  This meant that any setuid root applications would
print a full BPRM_FCAPS record when it wasn't necessary, cluttering the event
output, since the SYSCALL and PATH records indicated the presence of the setuid
bit and effective root user id.

Require only one of effective root or real root to avoid printing the
unnecessary record.

Ref: 3fc689e96c0c (Add audit_log_bprm_fcaps/AUDIT_BPRM_FCAPS)
See: https://github.com/linux-audit/audit-kernel/issues/16

Signed-off-by: Richard Guy Briggs <redacted>

Reviewed-by: Serge Hallyn <serge@hallyn.com>

I wonder whether,

quoted hunk ↗ jump to hunk

---
 security/commoncap.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/commoncap.c b/security/commoncap.c
index eb2da69..49cce06 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c

@@ -540,7 +540,7 @@ static inline bool is_setgid(struct cred *new, const struct cred *old)
  *
  * We do not bother to audit if 3 things are true:
  *   1) cap_effective has all caps
- *   2) we are root
+ *   2) we became root *OR* are root

For clarity, what do you think about adding "(because fcaps were not used)"?

quoted hunk ↗ jump to hunk

  *   3) root is supposed to have all caps (SECURE_NOROOT)
  * Since this is just a normal root execing a process.
  *

@@ -553,8 +553,8 @@ static inline bool nonroot_raised_pE(struct cred *cred, kuid_t root)
 
 	if (cap_grew(effective, ambient, cred) &&
 	    !(cap_full(effective, cred) &&
-	      is_eff(root, cred) &&
-	      is_real(root, cred) &&
+	      (is_eff(root, cred) ||
+	       is_real(root, cred)) &&
 	      root_privileged()))
 		ret = true;
 	return ret;

-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help