14 Dec, 2014

1 commit

• 51f39a1f0   syscalls: implement execveat() system call ... Browse Code »

  This patchset adds execveat(2) for x86, and is derived from Meredydd
  Luff's patch from Sept 2012 (https://lkml.org/lkml/2012/9/11/528).

  The primary aim of adding an execveat syscall is to allow an
  implementation of fexecve(3) that does not rely on the /proc filesystem,
  at least for executables (rather than scripts). The current glibc version
  of fexecve(3) is implemented via /proc, which causes problems in sandboxed
  or otherwise restricted environments.

  Given the desire for a /proc-free fexecve() implementation, HPA suggested
  (https://lkml.org/lkml/2006/7/11/556) that an execveat(2) syscall would be
  an appropriate generalization.

  Also, having a new syscall means that it can take a flags argument without
  back-compatibility concerns. The current implementation just defines the
  AT_EMPTY_PATH and AT_SYMLINK_NOFOLLOW flags, but other flags could be
  added in future -- for example, flags for new namespaces (as suggested at
  https://lkml.org/lkml/2006/7/11/474).

  Related history:
  - https://lkml.org/lkml/2006/12/27/123 is an example of someone
  realizing that fexecve() is likely to fail in a chroot environment.
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514043 covered
  documenting the /proc requirement of fexecve(3) in its manpage, to
  "prevent other people from wasting their time".
  - https://bugzilla.redhat.com/show_bug.cgi?id=241609 described a
  problem where a process that did setuid() could not fexecve()
  because it no longer had access to /proc/self/fd; this has since
  been fixed.

  This patch (of 4):

  Add a new execveat(2) system call. execveat() is to execve() as openat()
  is to open(): it takes a file descriptor that refers to a directory, and
  resolves the filename relative to that.

  In addition, if the filename is empty and AT_EMPTY_PATH is specified,
  execveat() executes the file to which the file descriptor refers. This
  replicates the functionality of fexecve(), which is a system call in other
  UNIXen, but in Linux glibc it depends on opening "/proc/self/fd/" (and
  so relies on /proc being mounted).

  The filename fed to the executed program as argv[0] (or the name of the
  script fed to a script interpreter) will be of the form "/dev/fd/"
  (for an empty filename) or "/dev/fd//", effectively
  reflecting how the executable was found. This does however mean that
  execution of a script in a /proc-less environment won't work; also, script
  execution via an O_CLOEXEC file descriptor fails (as the file will not be
  accessible after exec).

  Based on patches by Meredydd Luff.

  Signed-off-by: David Drysdale
  Cc: Meredydd Luff
  Cc: Shuah Khan
  Cc: "Eric W. Biederman"
  Cc: Andy Lutomirski
  Cc: Alexander Viro
  Cc: Thomas Gleixner
  Cc: Ingo Molnar
  Cc: "H. Peter Anvin"
  Cc: Kees Cook
  Cc: Arnd Bergmann
  Cc: Rich Felker
  Cc: Christoph Hellwig
  Cc: Michael Kerrisk
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  David Drysdale

  2014-12-14 04:42:51 +0800  

20 Mar, 2014

1 commit

• 4b5884114   audit: Add generic compat syscall support ... Browse Code »

  lib/audit.c provides a generic function for auditing system calls.
  This patch extends it for compat syscall support on bi-architectures
  (32/64-bit) by adding lib/compat_audit.c.
  What is required to support this feature are:
  * add asm/unistd32.h for compat system call names
  * select CONFIG_AUDIT_ARCH_COMPAT_GENERIC

  Signed-off-by: AKASHI Takahiro
  Acked-by: Richard Guy Briggs
  Signed-off-by: Eric Paris

  AKASHI Takahiro

  2014-03-20 22:11:35 +0800  

05 May, 2011

1 commit

• aaeb012fe   audit: support the "standard" <asm-generic/unistd.h> ... Browse Code »

  Many of the syscalls mentioned in the audit code are not present
  for architectures that implement only the "standard" set of
  Linux syscalls (e.g. openat, but not open, etc.). This change
  adds proper #ifdefs for all those syscalls.

  Acked-by: Arnd Bergmann
  Signed-off-by: Chris Metcalf

  Chris Metcalf

  2011-05-05 02:41:28 +0800  

11 May, 2007

2 commits

• e54dc2431   [PATCH] audit signal recipients ... Browse Code »

  When auditing syscalls that send signals, log the pid and security
  context for each target process. Optimize the data collection by
  adding a counter for signal-related rules, and avoiding allocating an
  aux struct unless we have more than one target process. For process
  groups, collect pid/context data in blocks of 16. Move the
  audit_signal_info() hook up in check_kill_permission() so we audit
  attempts where permission is denied.

  Signed-off-by: Amy Griffis
  Signed-off-by: Al Viro

  Amy Griffis

  2007-05-11 17:38:25 +0800  
• 7f13da40e   [PATCH] add SIGNAL syscall class (v3) ... Browse Code »

  Add a syscall class for sending signals.

  Signed-off-by: Amy Griffis
  Signed-off-by: Al Viro

  Amy Griffis

  2007-05-11 17:38:25 +0800  

23 Sep, 2006

1 commit

• a83fbf635   [PATCH] fix missing ifdefs in syscall classes hookup for generic targets ... Browse Code »

  several targets have no ....at() family and m32r calls its only chown variant
  chown32(), with __NR_chown being undefined. creat(2) is also absent in some
  targets.

  Signed-off-by: Al Viro
  Signed-off-by: Linus Torvalds

  Al Viro

  2006-09-23 08:48:56 +0800  

12 Sep, 2006

1 commit

• e65e1fc2d   [PATCH] syscall class hookup for all normal targets ... Browse Code »

  Take default arch/*/kernel/audit.c to lib/, have those with special
  needs (== biarch) define AUDIT_ARCH in their Kconfig.

  Signed-off-by: Al Viro

  Al Viro

  2006-09-12 15:04:40 +0800