[APPLIED] [Maverick][GIT PULL] replacement of hacks with Yama
Leann Ogasawara
leann.ogasawara at canonical.com
Thu Jul 1 21:38:16 UTC 2010
Applied to maverick linux master. I took the liberty to tweak the
commit messages per the discussions in the thread.
Thanks,
Leann
On Tue, 2010-06-29 at 14:12 -0700, Kees Cook wrote:
> This replaces the individual symlink/hardlink/ptrace patches with the Yama
> LSM that is being upstreamed currently. It includes a SAUCE patch to glue
> it into place on Ubuntu, since there is no upstream way yet to sensibly
> chain arbitrary LSMs. The PTRACE exception tracking patch is the
> kernel-side of the fix for LP: #589841, but since it is intended for
> upstream, I did not include the bug tags in the patch directly.
>
> The following changes since commit 0719a918ccdaabb2188e94c94c4edceba5b56f03:
>
> UBUNTU: Ubuntu-2.6.35-6.9 (2010-06-28 12:41:55 -0700)
>
> are available in the git repository at:
> git://kernel.ubuntu.com/kees/linux-2.6.git maverick-yama
>
> Kees Cook (8):
>       Revert "ptrace: limit scope to attach only (allow read)"
>       Revert "UBUNTU: SAUCE: ptrace: restrict ptrace scope to children"
>       Revert "UBUNTU: SAUCE: fs: block hardlinks to non-accessible sources"
>       Revert "UBUNTU: SAUCE: fs: block cross-uid sticky symlinks"
>       security: Yama LSM
>       security: create task_free security callback
>       Yama: add PTRACE exception tracking and interface
>       SAUCE: security: unconditionally chain to Yama LSM
>
>  Documentation/Yama.txt   |   91 +++++++++++
>  include/linux/prctl.h    |    6 +
>  include/linux/security.h |   13 +-
>  kernel/fork.c            |    1 +
>  kernel/ptrace.c          |   25 ---
>  kernel/sysctl.c          |   28 ----
>  security/Kconfig         |    6 +
>  security/Makefile        |    2 +
>  security/apparmor/lsm.c  |    3 -
>  security/capability.c    |   16 ++
>  security/commoncap.c     |   68 --------
>  security/security.c      |   44 +++++
>  security/yama/Kconfig    |   13 ++
>  security/yama/Makefile   |    3 +
>  security/yama/yama_lsm.c |  404 ++++++++++++++++++++++++++++++++++++++++++++++
>  15 files changed, 594 insertions(+), 129 deletions(-)
>  create mode 100644 Documentation/Yama.txt
>  create mode 100644 security/yama/Kconfig
>  create mode 100644 security/yama/Makefile
>  create mode 100644 security/yama/yama_lsm.c
>
> --
> Kees Cook
> Ubuntu Security Team
>