lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Wed, 26 Aug 2015 09:52:58 +1000 (AEST)
From:	James Morris <jmorris@...ei.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
cc:	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: [GIT PULL] security: fix LSM regression for 4.2

Please pull.

The following changes since commit b1713b135fb1ae4d52531a55f0687f985bffe271:

  Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip (2015-08-25 09:01:05 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus

Jan Beulich (1):
      LSM: restore certain default error codes

 security/security.c |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

---

commit e308fd3bb2e469c4939d3f4bd22b468de3ed04ae
Author: Jan Beulich <JBeulich@...e.com>
Date:   Mon Aug 24 06:22:25 2015 -0600

    LSM: restore certain default error codes
    
    While in most cases commit b1d9e6b064 ("LSM: Switch to lists of hooks")
    retained previous error returns, in three cases it altered them without
    any explanation in the commit message. Restore all of them - in the
    security_old_inode_init_security() case this led to reiserfs using
    uninitialized data, sooner or later crashing the system (the only other
    user of this function - ocfs2 - was unaffected afaict, since it passes
    pre-initialized structures).
    
    Signed-off-by: Jan Beulich <jbeulich@...e.com>
    Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
    Signed-off-by: James Morris <james.l.morris@...cle.com>

diff --git a/security/security.c b/security/security.c
index 595fffa..9942836 100644
--- a/security/security.c
+++ b/security/security.c
@@ -380,8 +380,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
 		return 0;
 
 	if (!initxattrs)
-		return call_int_hook(inode_init_security, 0, inode, dir, qstr,
-							 NULL, NULL, NULL);
+		return call_int_hook(inode_init_security, -EOPNOTSUPP, inode,
+				     dir, qstr, NULL, NULL, NULL);
 	memset(new_xattrs, 0, sizeof(new_xattrs));
 	lsm_xattr = new_xattrs;
 	ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr,
@@ -409,8 +409,8 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
 {
 	if (unlikely(IS_PRIVATE(inode)))
 		return -EOPNOTSUPP;
-	return call_int_hook(inode_init_security, 0, inode, dir, qstr,
-				name, value, len);
+	return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir,
+			     qstr, name, value, len);
 }
 EXPORT_SYMBOL(security_old_inode_init_security);
 
@@ -1281,7 +1281,8 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
 {
-	return call_int_hook(socket_getpeersec_dgram, 0, sock, skb, secid);
+	return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock,
+			     skb, secid);
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ