OSS msnd: fix array overflows
[linux-2.6/kmemtrace.git] / security / root_plug.c
blob870f13095bb65c3cc93d0df568658d191ece74fc
1 /*
2 * Root Plug sample LSM module
4 * Originally written for a Linux Journal.
6 * Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
8 * Prevents any programs running with egid == 0 if a specific USB device
9 * is not present in the system. Yes, it can be gotten around, but is a
10 * nice starting point for people to play with, and learn the LSM
11 * interface.
13 * If you want to turn this into something with a semblance of security,
14 * you need to hook the task_* functions also.
16 * See http://www.linuxjournal.com/article.php?sid=6279 for more information
17 * about this code.
19 * This program is free software; you can redistribute it and/or
20 * modify it under the terms of the GNU General Public License as
21 * published by the Free Software Foundation, version 2 of the
22 * License.
25 #include <linux/kernel.h>
26 #include <linux/init.h>
27 #include <linux/security.h>
28 #include <linux/usb.h>
29 #include <linux/moduleparam.h>
31 /* flag to keep track of how we were registered */
32 static int secondary;
34 /* default is a generic type of usb to serial converter */
35 static int vendor_id = 0x0557;
36 static int product_id = 0x2008;
38 module_param(vendor_id, uint, 0400);
39 module_param(product_id, uint, 0400);
41 /* should we print out debug messages */
42 static int debug = 0;
44 module_param(debug, bool, 0600);
46 #define MY_NAME "root_plug"
48 #define root_dbg(fmt, arg...) \
49 do { \
50 if (debug) \
51 printk(KERN_DEBUG "%s: %s: " fmt , \
52 MY_NAME , __FUNCTION__ , \
53 ## arg); \
54 } while (0)
56 static int rootplug_bprm_check_security (struct linux_binprm *bprm)
58 struct usb_device *dev;
60 root_dbg("file %s, e_uid = %d, e_gid = %d\n",
61 bprm->filename, bprm->e_uid, bprm->e_gid);
63 if (bprm->e_gid == 0) {
64 dev = usb_find_device(vendor_id, product_id);
65 if (!dev) {
66 root_dbg("e_gid = 0, and device not found, "
67 "task not allowed to run...\n");
68 return -EPERM;
70 usb_put_dev(dev);
73 return 0;
76 static struct security_operations rootplug_security_ops = {
77 /* Use the capability functions for some of the hooks */
78 .ptrace = cap_ptrace,
79 .capget = cap_capget,
80 .capset_check = cap_capset_check,
81 .capset_set = cap_capset_set,
82 .capable = cap_capable,
84 .bprm_apply_creds = cap_bprm_apply_creds,
85 .bprm_set_security = cap_bprm_set_security,
87 .task_post_setuid = cap_task_post_setuid,
88 .task_reparent_to_init = cap_task_reparent_to_init,
90 .bprm_check_security = rootplug_bprm_check_security,
93 static int __init rootplug_init (void)
95 /* register ourselves with the security framework */
96 if (register_security (&rootplug_security_ops)) {
97 printk (KERN_INFO
98 "Failure registering Root Plug module with the kernel\n");
99 /* try registering with primary module */
100 if (mod_reg_security (MY_NAME, &rootplug_security_ops)) {
101 printk (KERN_INFO "Failure registering Root Plug "
102 " module with primary security module.\n");
103 return -EINVAL;
105 secondary = 1;
107 printk (KERN_INFO "Root Plug module initialized, "
108 "vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);
109 return 0;
112 security_initcall (rootplug_init);