14 Sep, 2011

1 commit

• d58e0da85   TOMOYO: Add environment variable name restriction support. ... Browse Code »

  This patch adds support for checking environment variable's names.
  Although TOMOYO already provides ability to check argv[]/envp[] passed to
  execve() requests,

  file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="bar"

  will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
  defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
  administrators have to specify like

  file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="/system/lib"
  file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]=NULL

  . Since there are many environment variables whereas conditional checks are
  applied as "&&", it is difficult to cover all combinations. Therefore, this
  patch supports conditional checks that are applied as "||", by specifying like

  file execute /bin/sh
  misc env LD_LIBRARY_PATH exec.envp["LD_LIBRARY_PATH"]="/system/lib"

  which means "grant execution of /bin/sh if environment variable is not defined
  or is defined and its value is /system/lib".

  Signed-off-by: Tetsuo Handa
  Signed-off-by: James Morris

  Tetsuo Handa

  2011-09-14 06:27:05 +0800