From: Chris Wright Stephen Smalley notes that send_sigurg isn't mediated by LSM in the same manner as send_sigio. Patch below is a slight modification of Stephen's original patch. It moves the security_file_send_sigiotask() hook into the sigio_perm(). The hook's fd and reason arguments are replaced with the signum. sigio_perm() and it's callers are updated to pass the signum through to the hook. In send_sigio case, the signum is simply fown->signum or SIGIO when signum is 0, however in send_sigurg the kernel doesn't use fown->signum, it always sends SIGURG. From: Stephen Smalley Signed-off-by: Chris Wright Signed-off-by: Andrew Morton --- 25-akpm/fs/fcntl.c | 16 +++++++--------- 25-akpm/include/linux/security.h | 22 ++++++++++------------ 25-akpm/security/dummy.c | 3 +-- 25-akpm/security/selinux/hooks.c | 7 +++---- 4 files changed, 21 insertions(+), 27 deletions(-) diff -puN fs/fcntl.c~fix-send_sigurg-mediation fs/fcntl.c --- 25/fs/fcntl.c~fix-send_sigurg-mediation 2004-10-21 20:46:57.634433696 -0700 +++ 25-akpm/fs/fcntl.c 2004-10-21 20:46:57.643432328 -0700 @@ -431,11 +431,12 @@ static long band_table[NSIGPOLL] = { }; static inline int sigio_perm(struct task_struct *p, - struct fown_struct *fown) + struct fown_struct *fown, int sig) { - return ((fown->euid == 0) || - (fown->euid == p->suid) || (fown->euid == p->uid) || - (fown->uid == p->suid) || (fown->uid == p->uid)); + return (((fown->euid == 0) || + (fown->euid == p->suid) || (fown->euid == p->uid) || + (fown->uid == p->suid) || (fown->uid == p->uid)) && + !security_file_send_sigiotask(p, fown, sig)); } static void send_sigio_to_task(struct task_struct *p, @@ -443,10 +444,7 @@ static void send_sigio_to_task(struct ta int fd, int reason) { - if (!sigio_perm(p, fown)) - return; - - if (security_file_send_sigiotask(p, fown, fd, reason)) + if (!sigio_perm(p, fown, fown->signum)) return; switch (fown->signum) { @@ -508,7 +506,7 @@ void send_sigio(struct fown_struct *fown static void send_sigurg_to_task(struct task_struct *p, struct fown_struct *fown) { - if (sigio_perm(p, fown)) + if (sigio_perm(p, fown, SIGURG)) send_group_sig_info(SIGURG, SEND_SIG_PRIV, p); } diff -puN include/linux/security.h~fix-send_sigurg-mediation include/linux/security.h --- 25/include/linux/security.h~fix-send_sigurg-mediation 2004-10-21 20:46:57.636433392 -0700 +++ 25-akpm/include/linux/security.h 2004-10-21 20:57:37.579147312 -0700 @@ -488,16 +488,15 @@ struct swap_info_struct; * @file contains the file structure to update. * Return 0 on success. * @file_send_sigiotask: - * Check permission for the file owner @fown to send SIGIO to the process - * @tsk. Note that this hook is always called from interrupt. Note that - * the fown_struct, @fown, is never outside the context of a struct file, - * so the file structure (and associated security information) can always - * be obtained: + * Check permission for the file owner @fown to send SIGIO or SIGURG to the + * process @tsk. Note that this hook is sometimes called from interrupt. + * Note that the fown_struct, @fown, is never outside the context of a + * struct file, so the file structure (and associated security information) + * can always be obtained: * (struct file *)((long)fown - offsetof(struct file,f_owner)); * @tsk contains the structure of task receiving signal. * @fown contains the file owner information. - * @fd contains the file descriptor. - * @reason contains the operational flags. + * @sig is the signal that will be sent. When 0, kernel sends SIGIO. * Return 0 if permission is granted. * @file_receive: * This hook allows security modules to control the ability of a process @@ -1135,8 +1134,7 @@ struct security_operations { unsigned long arg); int (*file_set_fowner) (struct file * file); int (*file_send_sigiotask) (struct task_struct * tsk, - struct fown_struct * fown, - int fd, int reason); + struct fown_struct * fown, int sig); int (*file_receive) (struct file * file); int (*task_create) (unsigned long clone_flags); @@ -1657,9 +1655,9 @@ static inline int security_file_set_fown static inline int security_file_send_sigiotask (struct task_struct *tsk, struct fown_struct *fown, - int fd, int reason) + int sig) { - return security_ops->file_send_sigiotask (tsk, fown, fd, reason); + return security_ops->file_send_sigiotask (tsk, fown, sig); } static inline int security_file_receive (struct file *file) @@ -2299,7 +2297,7 @@ static inline int security_file_set_fown static inline int security_file_send_sigiotask (struct task_struct *tsk, struct fown_struct *fown, - int fd, int reason) + int sig) { return 0; } diff -puN security/dummy.c~fix-send_sigurg-mediation security/dummy.c --- 25/security/dummy.c~fix-send_sigurg-mediation 2004-10-21 20:46:57.638433088 -0700 +++ 25-akpm/security/dummy.c 2004-10-21 20:46:57.646431872 -0700 @@ -518,8 +518,7 @@ static int dummy_file_set_fowner (struct } static int dummy_file_send_sigiotask (struct task_struct *tsk, - struct fown_struct *fown, int fd, - int reason) + struct fown_struct *fown, int sig) { return 0; } diff -puN security/selinux/hooks.c~fix-send_sigurg-mediation security/selinux/hooks.c --- 25/security/selinux/hooks.c~fix-send_sigurg-mediation 2004-10-21 20:46:57.639432936 -0700 +++ 25-akpm/security/selinux/hooks.c 2004-10-21 20:57:13.001883624 -0700 @@ -2562,8 +2562,7 @@ static int selinux_file_set_fowner(struc } static int selinux_file_send_sigiotask(struct task_struct *tsk, - struct fown_struct *fown, - int fd, int reason) + struct fown_struct *fown, int signum) { struct file *file; u32 perm; @@ -2576,10 +2575,10 @@ static int selinux_file_send_sigiotask(s tsec = tsk->security; fsec = file->f_security; - if (!fown->signum) + if (!signum) perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ else - perm = signal_to_av(fown->signum); + perm = signal_to_av(signum); return avc_has_perm(fsec->fown_sid, tsec->sid, SECCLASS_PROCESS, perm, NULL, NULL); _