* Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-3

- Security fixes for seunshare
- Fix Sandbox to handle non file input to command.
This commit is contained in:
Daniel J Walsh 2009-09-19 01:40:53 +00:00
parent b98d816316
commit 425e7d2796
2 changed files with 24 additions and 34 deletions

View File

@ -1222,8 +1222,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.74/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,202 @@
+++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-18 21:38:37.000000000 -0400
@@ -0,0 +1,207 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
+import selinux
@ -1390,7 +1390,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ warnings.resetwarnings()
+ paths = []
+ for i in cmds:
+ paths.append(os.path.realpath(i))
+ f = os.path.realpath(i)
+ if os.path.exists(f):
+ paths.append(f)
+ else:
+ paths.append(i)
+
+ copyfiles(newhomedir, newtmpdir, init_files + paths)
+ execfile = newhomedir + "/.sandboxrc"
+ fd = open(execfile, "w+")
@ -1478,8 +1483,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+done
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.74/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-17 15:05:44.000000000 -0400
@@ -0,0 +1,284 @@
+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-18 09:58:46.000000000 -0400
@@ -0,0 +1,265 @@
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/wait.h>
@ -1506,33 +1511,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+#include <unistd.h>
+
+/**
+ * This function will drop the capabilities so that we are left
+ * only with access to the audit system and the ability to raise
+ * CAP_SYS_ADMIN before invoking unshare and mounting a couple of directories.
+ * These capabilities are needed for performing bind mounts/unmounts
+ * and to create potential new instance directories with appropriate
+ * DAC attributes.
+ *
+ * This function will drop all capabilities
+ * Returns zero on success, non-zero otherwise
+ */
+static int drop_capabilities(int all, uid_t uid)
+static int drop_capabilities(uid_t uid)
+{
+ capng_clear(CAPNG_SELECT_BOTH);
+
+ if (all) {
+ if (capng_lock() < 0)
+ return -1;
+ /* Change uid */
+ if (setresuid(uid, uid, uid)) {
+ fprintf(stderr, "Error changing uid, aborting.\n");
+ return -1;
+ }
+ } else {
+ if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SETPCAP, CAP_SETUID, -1) < 0) {
+ fprintf(stderr, "Error running capng_updatev\n");
+ return -1;
+ }
+ }
+
+ return capng_apply(CAPNG_SELECT_BOTH);
+}
@ -1626,7 +1617,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ {"tmpdir", 1, 0, 't'},
+ {NULL, 0, 0, 0}
+ };
+ capng_print_caps_text(CAPNG_PRINT_STDOUT, CAPNG_EFFECTIVE);
+
+ uid_t uid = getuid();
+
@ -1643,10 +1633,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
+ if (verify_shell(pwd->pw_shell) == 0) {
+ fprintf(stderr, "Error! Shell is not valid.\n");
+ }
+
+ if (drop_capabilities(FALSE, uid)) {
+ perror("Failed to drop capabilities");
+ return -1;
+ }
+
@ -1710,7 +1696,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ if (tmpdir_s && verify_mount("/tmp", pwd) < 0)
+ return -1;
+
+ if (drop_capabilities(TRUE, uid)) {
+ if (drop_capabilities(uid)) {
+ perror("Failed to drop all capabilities");
+ return -1;
+ }

View File

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.74
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -297,6 +297,10 @@ fi
exit 0
%changelog
* Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-3
- Security fixes for seunshare
- Fix Sandbox to handle non file input to command.
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-2
- Security fixes for seunshare