leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
aeca4e2ca6
linux/security
History
Micah Morton aeca4e2ca6 LSM: add SafeSetID module that gates setid calls 
SafeSetID gates the setid family of syscalls to restrict UID/GID
transitions from a given UID/GID to only those approved by a
system-wide whitelist. These restrictions also prohibit the given
UIDs/GIDs from obtaining auxiliary privileges associated with
CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID
mappings. For now, only gating the set*uid family of syscalls is
supported, with support for set*gid coming in a future patch set.

Signed-off-by: Micah Morton <mortonm@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
2019-01-25 11:22:45 -08:00
..
apparmor apparmor: Adjust offset when accessing task blob. 2019-01-22 14:38:59 -08:00
integrity Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-01-02 11:05:43 -08:00
keys security: keys: annotate implicit fall throughs 2019-01-22 19:47:47 -08:00
loadpin LoadPin: Initialize as ordered LSM 2019-01-08 13:18:43 -08:00
safesetid LSM: add SafeSetID module that gates setid calls 2019-01-25 11:22:45 -08:00
selinux Linux 5.0-rc3 2019-01-22 14:33:10 -08:00
smack LSM: Make lsm_early_cred() and lsm_early_task() local functions. 2019-01-18 11:44:02 -08:00
tomoyo tomoyo: Allow multiple use_group lines. 2019-01-24 14:50:27 -08:00
yama Linux 5.0-rc3 2019-01-22 14:33:10 -08:00
commoncap.c LSM: generalize flag passing to security_capable 2019-01-10 14:16:06 -08:00
device_cgroup.c docs: fix broken references with multiple hints 2018-06-15 18:10:01 -03:00
inode.c security: fs: make inode explicitly non-modular 2018-12-12 14:58:51 -08:00
Kconfig LSM: add SafeSetID module that gates setid calls 2019-01-25 11:22:45 -08:00
lsm_audit.c audit: use inline function to get audit context 2018-05-14 17:24:18 -04:00
Makefile LSM: add SafeSetID module that gates setid calls 2019-01-25 11:22:45 -08:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c Linux 5.0-rc3 2019-01-22 14:33:10 -08:00