> | A trusted path is one that is inside is a root owned directory that
> | is not group or world writable. /bin, /usr/bin, /usr/local/bin, are
> | (under normal circumstances) considered trusted. Any non-root
> | users home directory is not trusted, nor is /tmp.
You need the entire path to be r
As was pointed out to me, grsecurity's first implementation of TPE
dates back to earlier days (before Git was used for Linux):
https://github.com/linux-scraping/grsecurity-patches/blob/master/grsec-2.4.5/grsecurity-1.4-LIDS-2.4.5.patch
There seem to be multiple implementations inspired by the P
Hi,
If you want to get some information about the history of TPE in
grsecurity, take a look at
https://github.com/linux-scraping/linux-grsecurity/ and run git log
grsecurity/grsec_tpe.c
Here are some links about TPE (before grsecurity used it):
* http://phrack.org/issues/52/6.html#article
* http:
On 06/04/2017 01:47 AM, Eric Biggers wrote:
On Sun, Jun 04, 2017 at 01:24:13AM -0400, Matt Brown wrote:
On 06/03/2017 02:33 AM, Al Viro wrote:
On Sat, Jun 03, 2017 at 01:53:51AM -0400, Matt Brown wrote:
+static int tpe_bprm_set_creds(struct linux_binprm *bprm)
+{
+ struct file *file = b
On Sun, Jun 04, 2017 at 01:24:13AM -0400, Matt Brown wrote:
> On 06/03/2017 02:33 AM, Al Viro wrote:
> > On Sat, Jun 03, 2017 at 01:53:51AM -0400, Matt Brown wrote:
> >
> > > +static int tpe_bprm_set_creds(struct linux_binprm *bprm)
> > > +{
> > > + struct file *file = bprm->file;
> > > + struct i
On 06/03/2017 02:33 AM, Al Viro wrote:
On Sat, Jun 03, 2017 at 01:53:51AM -0400, Matt Brown wrote:
+static int tpe_bprm_set_creds(struct linux_binprm *bprm)
+{
+ struct file *file = bprm->file;
+ struct inode *inode = d_backing_inode(file->f_path.dentry->d_parent);
+ struct in
On 06/03/2017 06:39 AM, Jann Horn wrote:
On Sat, Jun 3, 2017 at 7:53 AM, Matt Brown wrote:
This patch was modified from Brad Spengler's Trusted Path Execution (TPE)
feature in Grsecurity and also incorporates logging ideas from
cormander's tpe-lkm.
Modifications from the Grsecurity implementat
On Sat, Jun 3, 2017 at 7:53 AM, Matt Brown wrote:
> This patch was modified from Brad Spengler's Trusted Path Execution (TPE)
> feature in Grsecurity and also incorporates logging ideas from
> cormander's tpe-lkm.
>
> Modifications from the Grsecurity implementation of TPE were made to
> turn it i
On Sat, Jun 03, 2017 at 01:53:51AM -0400, Matt Brown wrote:
> +static int tpe_bprm_set_creds(struct linux_binprm *bprm)
> +{
> + struct file *file = bprm->file;
> + struct inode *inode = d_backing_inode(file->f_path.dentry->d_parent);
> + struct inode *file_inode = d_backing_inode(file
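Review bot: the initializer of inode in tpe_bprm_set_creds() reads file->f_path.dentry->d_parent directly, with no reference taken on the parent dentry and no lock held, so a concurrent rename can change d_parent while the directory's inode is being inspected. Take the parent with dget_parent() and release it with dput() once the ownership and mode checks are done, and say in a comment that only the immediate parent directory is examined here.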
This patch was modified from Brad Spengler's Trusted Path Execution (TPE)
feature in Grsecurity and also incorporates logging ideas from
cormander's tpe-lkm.
Modifications from the Grsecurity implementation of TPE were made to
turn it into a stackable LSM using the existing LSM hook bprm_set_creds