[Maverick][GIT PULL] replacement of hacks with Yama
Kees Cook
kees at ubuntu.com
Tue Jun 29 21:12:18 UTC 2010

This replaces the individual symlink/hardlink/ptrace patches with the Yama
LSM that is being upstreamed currently. It includes a SAUCE patch to glue
it into place on Ubuntu, since there is no upstream way yet to sensibly
chain arbitrary LSMs. The PTRACE exception tracking patch is the
kernel-side of the fix for LP: #589841, but since it is intended for
upstream, I did not include the bug tags in the patch directly.

The following changes since commit 0719a918ccdaabb2188e94c94c4edceba5b56f03:

  UBUNTU: Ubuntu-2.6.35-6.9 (2010-06-28 12:41:55 -0700)

are available in the git repository at:

  git://kernel.ubuntu.com/kees/linux-2.6.git maverick-yama

Kees Cook (8):
      Revert "ptrace: limit scope to attach only (allow read)"
      Revert "UBUNTU: SAUCE: ptrace: restrict ptrace scope to children"
      Revert "UBUNTU: SAUCE: fs: block hardlinks to non-accessible sources"
      Revert "UBUNTU: SAUCE: fs: block cross-uid sticky symlinks"
      security: Yama LSM
      security: create task_free security callback
      Yama: add PTRACE exception tracking and interface
      SAUCE: security: unconditionally chain to Yama LSM

 Documentation/Yama.txt   |   91 +++++++++++
 include/linux/prctl.h    |    6 +
 include/linux/security.h |   13 +-
 kernel/fork.c            |    1 +
 kernel/ptrace.c          |   25 ---
 kernel/sysctl.c          |   28 ----
 security/Kconfig         |    6 +
 security/Makefile        |    2 +
 security/apparmor/lsm.c  |    3 -
 security/capability.c    |   16 ++
 security/commoncap.c     |   68 --------
 security/security.c      |   44 +++++
 security/yama/Kconfig    |   13 ++
 security/yama/Makefile   |    3 +
 security/yama/yama_lsm.c |  404 ++++++++++++++++++++++++++++++++++++++++++++++
 15 files changed, 594 insertions(+), 129 deletions(-)
 create mode 100644 Documentation/Yama.txt
 create mode 100644 security/yama/Kconfig
 create mode 100644 security/yama/Makefile
 create mode 100644 security/yama/yama_lsm.c

--
Kees Cook
Ubuntu Security Team