Message-id: <DC.EF.14383.B9B1DC25@epcpsbgx3.samsung.com>
Date: Wed, 08 Jan 2014 09:34:19 +0000 (GMT)
From: Pankaj Kumar <pankaj.k2@...sung.com>
To: linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, casey@...aufler-ca.com
Subject: [Patch] Linux Security Module - SMACK bugfix patch
Hi all,
Please find attached a bugfix patch for the SMACK Linux security module.
This patch fixes the following bugs in the smack_lsm.c file:
1. In order to remove any SMACK extended attribute from a file, a user should have the CAP_MAC_ADMIN capability.
But a user without this capability is able to remove the SMACK64MMAP security attribute.
This error has been corrected by a modification in the smack_inode_removexattr SMACK hook.
2. While setting an extended attribute in the smack_inode_setsecurity hook,
the "-EACCES" error is returned if the extended attribute size or value is not correct.
But this is not the correct error to return, as the extended attribute is invalid,
so we should return the "-EINVAL" error.
To correct this problem, we now return the "-EINVAL" error.
---
security/smack/smack_lsm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index b0be893..b0e6552 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -951,7 +951,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
- strcmp(name, XATTR_NAME_SMACKMMAP)) {
+ strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
if (!smack_privileged(CAP_MAC_ADMIN))
rc = -EPERM;
} else
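Review bot: the changelog should state that the old last term, `strcmp(name, XATTR_NAME_SMACKMMAP)` with no `== 0`, was true for every name other than SMACK64MMAP, so this fix also moves every name not matched by the list from the CAP_MAC_ADMIN check to the `else` branch. The description only mentions SMACK64MMAP removal; please document that second effect and confirm that the `else` path, whose body is outside the context shown, is the intended handling for those names.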
@@ -2089,7 +2089,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
int rc = 0;
if (value == NULL || size > SMK_LONGLABEL || size == 0)
- return -EACCES;
+ return -EINVAL;
skp = smk_import_entry(value, size);
if (skp == NULL)
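Review bot: the errno change at the `value == NULL || size > SMK_LONGLABEL || size == 0` check is visible to callers and is unrelated to the removexattr fix, so it should be a separate patch with its own changelog. Please also check that the `skp == NULL` branch that follows returns an error consistent with the new -EINVAL; its return statement is outside the context shown.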
--
1.8.1.2
In case of any issue, please feel free to contact me.
Thanks & Regards
Pankaj Kumar
Download attachment "0001-bugfix-patch-for-SMACK.patch" of type "application/octet-stream" (1505 bytes)
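The missing `== 0` described in item 1, modelled in user space as an added example that is not part of the original message or of the kernel source. It covers only the four comparisons visible in the hunk; the macro values are stand-ins written out here as assumptions, and `user.comment` is a constructed non-Smack name.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the kernel's xattr name macros (values assumed here). */
#define XATTR_NAME_SMACKIPOUT     "security.SMACK64IPOUT"
#define XATTR_NAME_SMACKEXEC      "security.SMACK64EXEC"
#define XATTR_NAME_SMACKTRANSMUTE "security.SMACK64TRANSMUTE"
#define XATTR_NAME_SMACKMMAP      "security.SMACK64MMAP"

/* '-' side of the hunk: the last strcmp() has no "== 0", so it is
 * non-zero (true) for every name that is NOT SMACK64MMAP. */
static bool needs_mac_admin_old(const char *name)
{
    return strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
           strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
           strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
           strcmp(name, XATTR_NAME_SMACKMMAP);
}

/* '+' side of the hunk: true only for the listed Smack attributes. */
static bool needs_mac_admin_new(const char *name)
{
    return strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
           strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
           strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
           strcmp(name, XATTR_NAME_SMACKMMAP) == 0;
}

/* Constructed sample: the four listed names plus one unrelated xattr. */
static const char *const sample_names[] = {
    XATTR_NAME_SMACKIPOUT, XATTR_NAME_SMACKEXEC,
    XATTR_NAME_SMACKTRANSMUTE, XATTR_NAME_SMACKMMAP, "user.comment",
};
#define SAMPLE_COUNT (sizeof(sample_names) / sizeof(sample_names[0]))

/* Print both verdicts per name and return how many names differ. */
static int count_disagreements(void)
{
    int differ = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        bool o = needs_mac_admin_old(sample_names[i]);
        bool n = needs_mac_admin_new(sample_names[i]);
        printf("%-28s old=%d new=%d\n", sample_names[i], o, n);
        differ += (o != n);
    }
    return differ;
}

int main(void) { return count_disagreements() == 2 ? 0 : 1; }
```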