


FreeBSD/Linux Kernel Cross Reference
sys/security/root_plug.c


    1 /*
    2  * Root Plug sample LSM module
    3  *
    4  * Originally written for a Linux Journal article.
    5  *
    6  * Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
    7  *
    8  * Prevents any programs running with egid == 0 if a specific USB device
    9  * is not present in the system.  Yes, it can be gotten around, but is a
   10  * nice starting point for people to play with, and learn the LSM
   11  * interface.
   12  *
   13  * If you want to turn this into something with a semblance of security,
   14  * you need to hook the task_* functions also.
   15  *
   16  * See http://www.linuxjournal.com/article.php?sid=6279 for more information
   17  * about this code.
   18  *
   19  *      This program is free software; you can redistribute it and/or
   20  *      modify it under the terms of the GNU General Public License as
   21  *      published by the Free Software Foundation, version 2 of the
   22  *      License.
   23  */
   24 
   25 #include <linux/kernel.h>
   26 #include <linux/init.h>
   27 #include <linux/security.h>
   28 #include <linux/usb.h>
   29 #include <linux/moduleparam.h>
   30 
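/*
 * USB vendor and product ID of the device that must be present; the
 * default is a generic type of usb to serial converter.
 *
 * Both are declared unsigned so that the variables match the "uint"
 * parameter type named in module_param() below.
 *
 * NOTE(review): a vendor/product ID pair is only what a device reports
 * about itself; it is not an authenticated credential.  The file header
 * already states that this check can be gotten around.
 */
static unsigned int vendor_id = 0x0557;
static unsigned int product_id = 0x2008;

/*
 * Mode 0400: the configured IDs are exposed read-only to the owner (root)
 * and cannot be changed through the parameter files after load.
 */
module_param(vendor_id, uint, 0400);
module_param(product_id, uint, 0400);

/*
 * should we print out debug messages
 *
 * Mode 0600: the owner (root) can read and change this at runtime.
 * NOTE(review): the variable is an int but is registered as a "bool"
 * parameter; left unchanged here, confirm against the module_param rules
 * of the kernel version being built.
 */
static int debug = 0;

module_param(debug, bool, 0600);

/* Prefix used in every debug message emitted by this module. */
#define MY_NAME "root_plug"

/*
 * Debug-only logging helper: when `debug` is non-zero, prints the message
 * at KERN_DEBUG prefixed with the module name and the calling function.
 * Expands to a single statement (do/while(0)) so it is safe in unbraced
 * if/else bodies.
 */
#define root_dbg(fmt, arg...)                                   \
        do {                                                    \
                if (debug)                                      \
                        printk(KERN_DEBUG "%s: %s: " fmt ,      \
                                MY_NAME , __func__ ,    \
                                ## arg);                        \
        } while (0)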
   52 
/*
 * bprm_check_security hook: decide whether the program described by @bprm
 * may be executed.
 *
 * An execution whose credentials carry effective gid 0 is allowed only if
 * a USB device matching vendor_id/product_id can currently be found; every
 * other execution is allowed unconditionally.
 *
 * Returns 0 to allow the exec, -EPERM to refuse it.
 *
 * NOTE(review): only the effective gid is tested.  An exec with euid 0 and
 * a non-zero egid is not gated by this hook, and no task_* hooks are
 * installed (see the file header), so treat this as a teaching example
 * rather than an access control.
 */
static int rootplug_bprm_check_security (struct linux_binprm *bprm)
{
        struct usb_device *plug;

        root_dbg("file %s, e_uid = %d, e_gid = %d\n",
                 bprm->filename, bprm->cred->euid, bprm->cred->egid);

        /* Nothing to enforce unless the new credentials have egid 0. */
        if (bprm->cred->egid != 0)
                return 0;

        plug = usb_find_device(vendor_id, product_id);
        if (plug == NULL) {
                root_dbg("e_gid = 0, and device not found, "
                         "task not allowed to run...\n");
                return -EPERM;
        }

        /*
         * The device was only looked up to prove it is present; release
         * the reference the lookup presumably took on it.
         */
        usb_put_dev(plug);
        return 0;
}
   72 
/*
 * Hook table handed to the security framework by rootplug_init().
 * Only the exec-time check (bprm_check_security) is set here; the file
 * header notes that the task_* hooks would also have to be implemented
 * for anything resembling real enforcement.
 */
static struct security_operations rootplug_security_ops = {
        .bprm_check_security =          rootplug_bprm_check_security,
};
   76 
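/*
 * Module initialisation: register rootplug_security_ops with the security
 * framework and report the configured device IDs.
 *
 * Returns 0 on success, -EINVAL if registration fails.
 *
 * If registration fails, none of this module's checks are in effect, so
 * the failure is logged at KERN_ERR (not KERN_INFO) together with the
 * error code returned by register_security().  That keeps the message
 * visible at default log levels and gives operators something to alert on.
 */
static int __init rootplug_init (void)
{
        int rc;

        /* register ourselves with the security framework */
        rc = register_security (&rootplug_security_ops);
        if (rc) {
                printk (KERN_ERR
                        "Failure registering Root Plug module with the kernel "
                        "(error %d)\n", rc);
                return -EINVAL;
        }
        printk (KERN_INFO "Root Plug module initialized, "
                "vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);
        return 0;
}

/* Run rootplug_init() as a security initcall. */
security_initcall (rootplug_init);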
