lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20120711095030.f2db0ed9.akpm@linux-foundation.org>
Date:	Wed, 11 Jul 2012 09:50:30 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	James Morris <jmorris@...ei.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Eric Paris <eparis@...hat.com>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT] selinux: fix regression

On Thu, 12 Jul 2012 02:11:53 +1000 (EST) James Morris <jmorris@...ei.org> wrote:

> Please pull.
> 
> The following changes since commit 055c9fa8874fa7261eec7a268366565db84af474:
>   Linus Torvalds (1):
>         Merge tag 'fixes-for-v3.5' of git://git.kernel.org/.../linusw/linux-gpio
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus
> 
> Andrew Morton (1):
>       selinux: fix regression in selinux_inode_setattr()
> 
>  security/selinux/hooks.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> commit 17c284ce9688ece1fff024ef4a66f8f115017c06
> Author: Andrew Morton <akpm@...ux-foundation.org>
> Date:   Tue Jul 10 23:24:24 2012 -0700
> 
>     selinux: fix regression in selinux_inode_setattr()
>     
>     akpm: This patch is needed to fix a box-killing post-3.4 X11 regression on
>     my test machine.
>     
>     Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
>     Signed-off-by: James Morris <james.l.morris@...cle.com>
> 
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 372ec65..4c62155 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2717,7 +2717,7 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
>  			ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
>  		return dentry_has_perm(cred, dentry, FILE__SETATTR);
>  
> -	if (ia_valid & ATTR_SIZE)
> +	if ((ia_valid & ATTR_SIZE) && selinux_policycap_openperm)
>  		av |= FILE__OPEN;
>  
>  	return dentry_has_perm(cred, dentry, av);

The patch was authored by eparis, not me.  I don't even know what it does (I
never looked).  But it lets me log into my (old) Fedora test box, which
is a distinct improvement over mainline.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ