[patch] root_plug improvement

[Fred Emmott]

This patch makes the root_plug LSM module also check the serial number of the 
USB device. Without this, it's possible to use another USB device of the same 
brand + model as a root_plug device.

I am not familiar with the module interface, and have not added a paramater 
for specifying the serial_number, so it must be specified at compile time.

Sorry if this is the wrong place to send this.

--- root_plug.c.orig 2004-11-25 18:05:30.000000000 +0000
+++ root_plug.c 2004-11-25 18:06:45.000000000 +0000
@@ -35,6 +36,7 @@
 /* default is a generic type of usb to serial converter */
 static int vendor_id = 0x0557;
 static int product_id = 0x2008;
+char *serial_number = "ENTER_ID_HERE";
 
 module_param(vendor_id, uint, 0400);
 MODULE_PARM_DESC(vendor_id, "USB Vendor ID of device to look for");
@@ -65,7 +67,9 @@
 static int rootplug_bprm_check_security (struct linux_binprm *bprm)
 {
  struct usb_device *dev;
-
+ char* buf;
+ buf = kmalloc(128, GFP_KERNEL);
+ 
  root_dbg("file %s, e_uid = %d, e_gid = %d\n",
    bprm->filename, bprm->e_uid, bprm->e_gid);
 
@@ -76,6 +80,15 @@
      "task not allowed to run...\n");
    return -EPERM;
   }
+  else {
+   usb_string(dev, dev->descriptor.iSerialNumber, buf, 128);
+   if (strcmp(buf, serial_number) != 0)
+   {
+    root_dbg("e_gid = 0, and device found, "
+     "but bad serial number...\n");
+    return -EPERM;
+   }
+  }
   usb_put_dev(dev);
  }

-- 
Fred Emmott
(http://www.fredemmott.co.uk)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/