[tomoyo-users-en 76] TOMOYO Linux version 1.6.8 released

Tetsuo Handa from-****@i-lov*****
Thu May 28 14:53:35 JST 2009


Hello.

TOMOYO Linux 1.6.8 was released. This release includes several bug fixes and
one enhancement.

Below is the list of changes regarding ccs-patch package.

(1) ENHANCEMENT: New condition "symlink.target" was added to "if" clause.

    Until now, "allow_symlink" keyword allows creation of a symlink but does
    not check the symlink's target. Usually it is no problem because
    permission checks are done using dereferenced pathname. But in some
    cases, we should restrict the symlink's target. For example,
    "ln -s .htpasswd /var/www/html/readme.html" by CGI program should be
    blocked because we will allow Apache to read both
    /var/www/html/readme.html and /var/www/html/.htpasswd .

    Thus, I added new condition, "symlink.target".

      allow_symlink /var/www/html/\*.html if symlink.target="\*.html"

      allow_symlink /var/www/html/\*\-.\* if symlink.target="\*\-.\*"

(2) BUGFIX: Don't call get_fs_type() with a mutex held.

    Until now, when ccs_update_mount_acl() is called with unsupported
    filesystem, /sbin/modprobe is executed from get_fs_type() to load
    filesystem module. And get_fs_type() does not return until /sbin/modprobe
    finishes.

    This means that it will cause deadlock if /sbin/modprobe (which is
    executed via get_fs_type() in ccs_update_mount_acl()) calls
    ccs_update_mount_acl(); although it won't happen unless an administrator
    inserts execute_handler to call mount() requests in learning mode or to
    add "allow_mount" entries to /proc/ccs/system_policy .

    I modified the code to unlock the mutex before calling get_fs_type().

(3) CHANGE: Don't return -EAGAIN when incoming packet was filtered.

    It turned out that it is not permitted for accept() and recvmsg() to
    return -EAGAIN if poll() said connections/datagrams are ready. However,
    recvmsg() may return -EAGAIN and potentially confuse some applications
    because ccs_socket_recvmsg_permission() is returning -EAGAIN.

    Thus, I modified ccs_socket_recvmsg_permission() to return -ENOMEM
    rather than -EAGAIN.

(4) NOTICE: ccs-patch-\*.diff until TOMOYO 1.6.7 is no longer applicable for
    TOMOYO 1.6.8 .

    Since 1.5.0, I was doing network access control for incoming UDP and RAW
    packets inside skb_recv_datagram(). But I received a comment that I should
    not perform protocol specific test inside skb_recv_datagram(). Therefore,
    I moved ccs_recv_datagram_permission() hook from skb_recv_datagram() to
    udp_recvmsg()/udpv6_recvmsg()/raw_recvmsg()/rawv6_recvmsg() with name
    change to ccs_recvmsg_permission().

    This means that ccs-patch-\*.diff until TOMOYO 1.6.7 is no longer
    applicable for TOMOYO 1.6.8 and vice versa. If you have problems in
    modifying ccs-patch-\*.diff for TOMOYO 1.6.8 , feel free to ask me.

(5) BUGFIX: Fix IPv4's "address_group" handling error.

    Since 1.6.5 , due to lack of ntohl() (byte order conversion) in
    ccs_update_address_group_entry(), "address_group" with IPv4 address was
    not working.

    This problem happens on little endian platforms (e.g. x86).

    This bug was fixed in ccs-patch-1.6.7-20090410.tar.gz .

(6) BUGFIX: Don't print non ASCII printable characters.

    ccs_check_mount_permission2() was passing unencoded strings to printk()
    and ccs_update_mount_acl() and ccs_check_supervisor(). This may cause
    /proc/ccs/system_policy and /proc/ccs/query to contain invalid
    characters within a string.

    This bug was fixed in ccs-patch-1.6.7-20090410.tar.gz .

(7) CHANGE: Drop "undelete domain" command.

    I added the "undelete domain" command on 2007/01/19, but it was never used
    by policy management tools. The garbage collector I added on 2007/01/29
    will automatically reuse memory and allow administrators to switch domain
    policy periodically, provided that the administrator kills processes in
    old domains before recreating new domains with the same domainnames.

    Thus, I dropped "undelete domain" command.

Below is the list of changes regarding ccs-tools package.

(1) ENHANCEMENT: ccs-ccstree can get information remotely.

    ccs-editpolicy-agent now handles requests from ccs-ccstree .

(2) BUGFIX: Don't access system_policy for TOMOYO 2.2.0 .

    Error messages were printed when used with TOMOYO Linux 2.2.0
    because TOMOYO Linux 2.2.0 does not have
    /sys/kernel/security/tomoyo/system_policy interface.

This release contains new patches for pax-linux-2.6.27.10-200812271900 ,
Fedora 11 , CentOS 4.8 and vanilla 2.6.30-rc7 kernel.

Thank you for using TOMOYO Linux.

  ccs-patch-1.6.8-20090528.tar.gz    MD5: aaafb9cea744c788d9c9d1ea9580b627
  ccs-tools-1.6.8-20090528.tar.gz    MD5: 6668bf1f20003d36ec55e4d99d883208

By the way, TOMOYO is compact and suits well on embedded systems.
A presentation slide titled "TOMOYO Linux on Android" is available at
http://elinux.org/TomoyoLinux#Presentations .
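
The effect described in item (5) of the ccs-patch changes, as an added example that is not part of the original message and is not TOMOYO's code: an IPv4 range whose bounds skip ntohl() stops matching addresses inside it on a little-endian machine and can match unrelated ones. The structure, the function names and the sample addresses are constructed, and it is an assumption that the address being compared is already in host byte order.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical range entry for illustration; not TOMOYO's own structure. */
struct ipv4_range { uint32_t min, max; };

/* Value ntohl() yields on any host: first octet is most significant. */
static uint32_t converted(const unsigned char b[4])
{
    return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
}

/* Value a little-endian CPU (e.g. x86) loads when ntohl() is skipped. */
static uint32_t unconverted_le(const unsigned char b[4])
{
    return (uint32_t)b[3] << 24 | (uint32_t)b[2] << 16 | (uint32_t)b[1] << 8 | b[0];
}

/* Parse dotted-quad text; use_ntohl = 0 models the missing conversion. */
static int parse(const char *s, int use_ntohl, uint32_t *out)
{
    struct in_addr a;
    unsigned char b[4];
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    memcpy(b, &a, sizeof(b));      /* wire (network) byte order */
    *out = use_ntohl ? converted(b) : unconverted_le(b);
    return 0;
}

/* 1 if addr lies in [lo, hi], 0 if not, -1 on a parse error. */
int in_group(const char *lo, const char *hi, const char *addr, int use_ntohl)
{
    struct ipv4_range r;
    uint32_t ip;
    if (parse(lo, use_ntohl, &r.min) || parse(hi, use_ntohl, &r.max) ||
        parse(addr, 1, &ip))       /* the compared address is converted */
        return -1;
    return r.min <= ip && ip <= r.max;
}

int main(void)
{
    /* Constructed sample addresses. */
    printf("fixed: %d\n", in_group("192.168.0.1", "192.168.1.0", "192.168.0.100", 1));
    printf("buggy: %d\n", in_group("192.168.0.1", "192.168.1.0", "192.168.0.100", 0));
    printf("buggy: %d\n", in_group("1.0.0.10", "2.0.0.10", "10.0.0.1", 0));
    return 0;
}
```

With the conversion skipped, the bounds of 192.168.0.1-192.168.1.0 come out with min greater than max, so the range matches nothing, while 1.0.0.10-2.0.0.10 matches 10.0.0.1.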



