Date: Fri, 26 Feb 2016 19:24:19 +1100 (AEDT) From: James Morris <jmorris@...ei.org> To: Linus Torvalds <torvalds@...ux-foundation.org> cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [GIT PULL] SELinux fix for 4.5 Please pull this fix for a bug in SELinux inode label validation. The following changes since commit 5bb9871eb8daa2e6a07caf7aeafbe2d0b3faad8f: Merge tag 'trace-fixes-v4.5-rc5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace (2016-02-25 20:12:09 -0800) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus Andreas Gruenbacher (1): selinux: Don't sleep inside inode_getsecid hook James Morris (1): Merge branch 'stable-4.5' of git://git.infradead.org/users/pcmoore/selinux into for-linus security/selinux/hooks.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- commit e817c2f33efb4aa7f02c98dfab9a5f8ff383ea7e Author: Andreas Gruenbacher <agruenba@...hat.com> Date: Thu Feb 18 12:04:08 2016 +0100 selinux: Don't sleep inside inode_getsecid hook The inode_getsecid hook is called from contexts in which sleeping is not allowed, so we cannot revalidate inode security labels from there. Use the non-validating version of inode_security() instead. Reported-by: Benjamin Coddington <bcodding@...hat.com> Signed-off-by: Andreas Gruenbacher <agruenba@...hat.com> Acked-by: Stephen Smalley <sds@...ho.nsa.gov> Signed-off-by: Paul Moore <paul@...l-moore.com> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f8110cf..f1ab715 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3249,7 +3249,7 @@ static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t static void selinux_inode_getsecid(struct inode *inode, u32 *secid) { - struct inode_security_struct *isec = inode_security(inode); + struct inode_security_struct *isec = inode_security_novalidate(inode); *secid = isec->sid; }
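Review bot: the switch to inode_security_novalidate() on the isec assignment in selinux_inode_getsecid() carries no code comment, so the reason for it is recorded only in the commit message. A short comment above that line, saying that this hook is called from contexts in which sleeping is not allowed and that the label is therefore not revalidated here, would keep a later cleanup from changing it back to inode_security(). Since *secid is now taken from isec->sid without revalidation, the same comment could note that callers may receive a sid from a label that has not been revalidated.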