
SE Linux patch for kdm



The attached patch adds NSA SE Linux support to kdm.  This means that the kdm 
binary (which I run in domain gdm_t because gdm and kdm have identical 
requirements) will change the security domain to the user domain if running 
on an SE kernel.

The support is pretty minimal at the moment, and could be improved.  If I had 
more spare time I'd look closely at the helper programs and maybe move them 
into a different domain.  Also this code doesn't support asking the user 
which of their security domains they wish to use (it uses the default in the 
same way as sshd).

But for basic SE support this should do.

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).
diff -ru kdebase-2.2.2.orig/debian/changelog kdebase-2.2.2/debian/changelog
--- kdebase-2.2.2.orig/debian/changelog	Thu Feb 21 22:52:27 2002
+++ kdebase-2.2.2/debian/changelog	Thu Feb 21 11:40:03 2002
@@ -1,3 +1,9 @@
+kdebase (4:2.2.2-13.se1) unstable; urgency=low
+
+  * Hacked kdm for SE Linux support.
+
+ -- Russell Coker <russell@coker.com.au>  Thu, 21 Feb 2002 11:39:00 +1100
+
 kdebase (4:2.2.2-13) unstable; urgency=low
 
   * Adopting orphaned package. Thanks Ivan for all your great work on KDE over
diff -ru kdebase-2.2.2.orig/debian/rules kdebase-2.2.2/debian/rules
--- kdebase-2.2.2.orig/debian/rules	Thu Feb 21 22:52:27 2002
+++ kdebase-2.2.2/debian/rules	Wed Feb 20 00:30:23 2002
@@ -7,9 +7,11 @@
 export DH_COMPAT=3
 tmp = $(shell pwd)/debian/kdebase
 ARCH = $(shell dpkg-architecture -qDEB_BUILD_ARCH)
+export CFLAGS=-DCONFIG_FLASK
+export CXXFLAGS=-DCONFIG_FLASK
 ifeq ($(ARCH),alpha)
-  export CFLAGS=-O0 -mieee
-  export CXXFLAGS=-O0 -mieee
+  export CFLAGS=-O0 -mieee -DCONFIG_FLASK
+  export CXXFLAGS=-O0 -mieee -DCONFIG_FLASK
 endif
 
 ifeq ($(ARCH),i386)
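Review bot: The new `export CFLAGS=-DCONFIG_FLASK` is a plain assignment, and the `ifeq ($(ARCH),i386)` block that opens on the last line of this hunk continues outside it. If that block, or any later one, assigns CFLAGS again, the define is lost and kdm would build without the SE Linux domain transition and without any warning. Appending after the per-architecture blocks avoids this: `CFLAGS += -DCONFIG_FLASK` and `CXXFLAGS += -DCONFIG_FLASK`, followed by a single `export CFLAGS CXXFLAGS`. The alpha branch would then no longer need to repeat the define.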
diff -ru kdebase-2.2.2.orig/kdm/backend/Makefile.am kdebase-2.2.2/kdm/backend/Makefile.am
--- kdebase-2.2.2.orig/kdm/backend/Makefile.am	Tue Jun 19 08:38:51 2001
+++ kdebase-2.2.2/kdm/backend/Makefile.am	Sat Feb  9 12:31:25 2002
@@ -1,6 +1,6 @@
 INCLUDES = $(all_includes) $(KERBEROS_INCS)
 AM_CFLAGS = $(XDM_CFLAGS)
-LDFLAGS = $(all_libraries) $(KDE_RPATH) $(KRB_RPATH)
+LDFLAGS = $(all_libraries) $(KDE_RPATH) $(KRB_RPATH) -lsecure
 LDADD = $(LIB_X11) -lXau $(LIBXDMCP) $(PASSWDLIBS) \
     $(LIB_LIBS) $(KERBEROS_LIBS) $(LIBSOCKET) $(LIBRESOLV) \
     $(LIBUCB) $(LIBUTIL)
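Review bot: `-lsecure` is added to LDFLAGS unconditionally, while every use of the library in the C hunks is guarded by `#ifdef CONFIG_FLASK`, so a build without the define still requires libsecure at link time. Libraries also conventionally belong in `LDADD` (the assignment just below) rather than `LDFLAGS`, which keeps link order predictable. Consider a variable that is set only when SE Linux support is enabled, for example `$(LIBSECURE)` appended to `LDADD`, where `LIBSECURE` is a placeholder name.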
diff -ru kdebase-2.2.2.orig/kdm/backend/choose.c kdebase-2.2.2/kdm/backend/choose.c
--- kdebase-2.2.2.orig/kdm/backend/choose.c	Tue Oct  9 12:52:27 2001
+++ kdebase-2.2.2/kdm/backend/choose.c	Thu Feb 21 13:02:18 2002
@@ -618,7 +618,11 @@
 	args = addStrArr (args, "BROADCAST", 9);
     env = systemEnv (d, (char *) 0, (char *) 0);
     Debug ("Running %s\n", args[0]);
-    execute (args, env);
+    execute(args, env
+#ifdef CONFIG_FLASK
+		, 0, -1
+#endif
+);
     Debug ("Couldn't run %s\n", args[0]);
     LogError ("Cannot execute %s\n", args[0]);
     exit (EX_REMANAGE_DPY);
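Review bot: The bare `0, -1` pair passed to `execute` here is an undocumented sentinel: `-1` goes into a `security_id_t` parameter (see the dm.h prototype hunk) and is harmless only because `FLASK_flag` is 0. The same pair, wrapped in the same `#ifdef`, recurs in the dm.c hunk and in the last two process.c hunks. A wrapper would remove the preprocessor block from each call site and state that these helpers deliberately stay in the display manager's domain, for example `#define executeNoSid(a, e) execute ((a), (e), 0, (security_id_t) -1)` under CONFIG_FLASK and `execute ((a), (e))` otherwise. The enclosing function starts and ends outside this hunk.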
diff -ru kdebase-2.2.2.orig/kdm/backend/client.c kdebase-2.2.2/kdm/backend/client.c
--- kdebase-2.2.2.orig/kdm/backend/client.c	Thu Nov  1 18:22:00 2001
+++ kdebase-2.2.2/kdm/backend/client.c	Thu Feb 21 22:56:34 2002
@@ -38,6 +38,10 @@
 #include "dm_auth.h"
 #include "dm_error.h"
 
+#ifdef CONFIG_FLASK
+#include <selinux/flask_util.h>
+#endif
+
 #include <errno.h>
 #ifdef X_NOT_STDC_ENV
 extern int errno;
@@ -844,6 +848,11 @@
 {
     char	*shell, *home;
     char	**argv;
+#ifdef CONFIG_FLASK
+    int FLASK_flag;
+    security_context_t user_context;
+    security_id_t user_sid;
+#endif
 #ifdef USE_PAM
     char	**pam_env;
 #else
@@ -908,6 +917,19 @@
 	   "", "\n", verify->userEnviron,
 	   "", "\n", verify->systemEnviron);
 
+#ifdef CONFIG_FLASK
+    FLASK_flag = is_flask_enabled();
+    if(FLASK_flag)
+    {
+        /* Get security context and SID for user */
+        if(!get_user_sid(name, strlen(name), &user_context, &user_sid))
+        {
+            syslog (LOG_ERR, "UNABLE TO GET VALID SID FOR %s", name);
+            return 0;
+        }
+    }
+#endif
+
     /*
      * for user-based authorization schemes,
      * add the user to the server's allowed "hosts" list.
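Review bot: The failure path reports through `syslog`, while the later hunk in this file uses `LogError`, and the include hunk above adds no `<syslog.h>`; `LogError ("Unable to get valid SID for %s\n", name);` would match the file's convention. Refusing the login when no SID can be obtained is the right fail-closed behaviour. However, the bare `return 0` should be checked against whatever the function has already set up by this point, which cannot be confirmed here because the function starts and ends outside this hunk. `user_context` is filled in by `get_user_sid` but never used in the visible hunks; if the library allocates it, it presumably needs to be released.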
@@ -1200,14 +1222,22 @@
 	    argv = addStrArr (argv, "xsession", 8);
 	if (argv) {
 		Debug ("executing session %s\n", argv[0]);
-		execute (argv, verify->userEnviron);
+		execute(argv, verify->userEnviron
+#ifdef CONFIG_FLASK
+			, FLASK_flag, user_sid
+#endif
+);
 		LogError ("Session \"%s\" execution failed (err %d)\n", argv[0], errno);
 	} else {
 		LogError ("Session has no command/arguments\n");
 	}
 	failsafeArgv[0] = d->failsafeClient;
 	failsafeArgv[1] = 0;
-	execute (failsafeArgv, verify->userEnviron);
+	execute(failsafeArgv, verify->userEnviron
+#ifdef CONFIG_FLASK
+			, FLASK_flag, user_sid
+#endif
+);
 	exit (1);
     case -1:
 	Debug ("StartSession, fork failed\n");
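Review bot: Nothing in this hunk documents that the failsafe client must also be started with `user_sid`. The code does pass it, but a later edit that reverts the second call to a plain exec would leave the failsafe running in the display manager's domain. A comment above the `execute(failsafeArgv, ...)` call would pin the intent: `/* failsafe client must transition to the user's SID too; never exec it in kdm's own domain */`. The enclosing function starts outside this hunk.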
diff -ru kdebase-2.2.2.orig/kdm/backend/dm.c kdebase-2.2.2/kdm/backend/dm.c
--- kdebase-2.2.2.orig/kdm/backend/dm.c	Tue Oct  9 12:52:28 2001
+++ kdebase-2.2.2/kdm/backend/dm.c	Wed Feb 20 00:13:21 2002
@@ -328,7 +328,11 @@
 	if (Fork() <= 0)
 	{
 	    char *cmd = action == A_HALT ? cmdHalt : cmdReboot;
-	    execute (parseArgs ((char **)0, cmd), (char **)0);
+	    execute (parseArgs ((char **)0, cmd), (char **)0
+#ifdef CONFIG_FLASK
+		, 0, -1
+#endif
+);
 	    LogError ("Failed to execute shutdown command '%s'\n", cmd);
 	    exit (1);
 	} else {
diff -ru kdebase-2.2.2.orig/kdm/backend/dm.h kdebase-2.2.2/kdm/backend/dm.h
--- kdebase-2.2.2.orig/kdm/backend/dm.h	Thu Nov  1 18:22:00 2001
+++ kdebase-2.2.2/kdm/backend/dm.h	Thu Feb 21 22:57:29 2002
@@ -51,6 +51,10 @@
 #include <X11/Xauth.h>
 #include <X11/Intrinsic.h>
 
+#ifdef CONFIG_FLASK
+#include <linux/flask/flask.h>
+#endif
+
 #if defined(X_POSIX_C_SOURCE)
 # define _POSIX_C_SOURCE X_POSIX_C_SOURCE
 # include <setjmp.h>
@@ -384,7 +388,11 @@
 extern void ClearCloseOnFork (int fd);
 extern int Fork (void);
 extern int Wait4 (int pid);
-extern void execute(char **argv, char **environ);
+extern void execute(char **argv, char **environ
+#ifdef CONFIG_FLASK
+	, int FLASK_flag, security_id_t user_sid
+#endif
+);
 extern int runAndWait (char **args, char **environ);
 extern void TerminateProcess (int pid, int signal);
 extern Jmp_buf GErrJmp;
diff -ru kdebase-2.2.2.orig/kdm/backend/process.c kdebase-2.2.2/kdm/backend/process.c
--- kdebase-2.2.2.orig/kdm/backend/process.c	Tue Oct  9 12:52:29 2001
+++ kdebase-2.2.2/kdm/backend/process.c	Thu Feb 21 22:59:00 2002
@@ -185,9 +185,18 @@
 
 
 void
-execute (char **argv, char **environ)
+execute (char **argv, char **environ
+#ifdef CONFIG_FLASK
+	, int FLASK_flag, security_id_t user_sid
+#endif
+)
 {
     Debug ("execute: %[s ; %[s\n", argv, environ);
+#ifdef CONFIG_FLASK
+    if(FLASK_flag)
+	execve_secure(argv[0], argv, environ, user_sid);
+    else
+#endif
     execve (argv[0], argv, environ);
     /*
      * In case this is a shell script which hasn't been
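Review bot: The `if(FLASK_flag) ... else` that is closed by `#endif` and completed by the unguarded `execve` line is a brace-less conditional split across a preprocessor boundary, and the next hunk repeats it for the shell-script path. It works, but an edit to either half can silently change which exec runs. The property that matters is also not stated anywhere: when `FLASK_flag` is set there must be no fallback to a plain `execve` in the caller's domain. A small static helper used by both sites keeps that property in one place. `execute` continues past the end of this hunk, so the second call site is shown only as a comment.

```c
/* Exec argv in the user's security context when SE Linux is active.
 * No fallback to plain execve in that case: a failed transition must
 * not leave the session running in the display manager's domain. */
static void
execInDomain (char **argv, char **environ
#ifdef CONFIG_FLASK
	, int FLASK_flag, security_id_t user_sid
#endif
)
{
#ifdef CONFIG_FLASK
    if (FLASK_flag) {
	execve_secure (argv[0], argv, environ, user_sid);
	return;
    }
#endif
    execve (argv[0], argv, environ);
}

/* in execute(): */
    Debug ("execute: %[s ; %[s\n", argv, environ);
    execInDomain (argv, environ
#ifdef CONFIG_FLASK
	, FLASK_flag, user_sid
#endif
    );
/* … unchanged: shell-script fallback, which calls execInDomain (newargv, …) the same way … */
```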
@@ -222,6 +231,11 @@
 	    newargv = addStrArr (0, "/bin/sh", 7);
 	mergeStrArrs (&newargv, argv);
 	Debug ("Shell script execution: %[s\n", newargv);
+#ifdef CONFIG_FLASK
+	if(FLASK_flag)
+	    execve_secure(newargv[0], newargv, environ, user_sid);
+	else
+#endif
 	execve (newargv[0], newargv, environ);
     }
 }
@@ -233,7 +247,11 @@
 
     switch (pid = Fork ()) {
     case 0:
-	execute (args, environ);
+	execute (args, environ
+#ifdef CONFIG_FLASK
+		, 0, -1
+#endif
+);
 	LogError ("can't execute \"%s\" (err %d)\n", args[0], errno);
 	exit (1);
     case -1:
@@ -297,7 +315,11 @@
 	(void) Signal (SIGPIPE, SIG_IGN);
 	sprintf (coninfo, "CONINFO=%d %d", opipe[0], ipipe[1]);
 	env = putEnv (coninfo, env);
-	execute (margv, env);
+	execute (margv, env
+#ifdef CONFIG_FLASK
+		, 0, -1
+#endif
+);
 	LogPanic ("Cannot execute '%s'\n", margv[0]);
     default:
 	Debug ("Forked helper %s, pid %d\n", margv[0], gpid);
