lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb.1485514374.git.jslaby@suse.cz>
Date:   Fri, 27 Jan 2017 11:55:38 +0100
From:   Jiri Slaby <jslaby@...e.cz>
To:     stable@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org,
        John Johansen <john.johansen@...onical.com>,
        Jiri Slaby <jslaby@...e.cz>
Subject: [PATCH 3.12 205/235] apparmor: exec should not be returning ENOENT when it denies

From: John Johansen <john.johansen@...onical.com>

3.12-stable review patch.  If anyone has any objections, please let me know.

===============

commit 9049a7922124d843a2cd26a02b1d00a17596ec0c upstream.

The current behavior is confusing as it causes exec failures to report
the executable is missing instead of identifying that apparmor
caused the failure.

Signed-off-by: John Johansen <john.johansen@...onical.com>
Acked-by: Seth Arnold <seth.arnold@...onical.com>
Signed-off-by: Jiri Slaby <jslaby@...e.cz>
---
 security/apparmor/domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 0c23888b9816..a59766fe3b7a 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -437,7 +437,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 				new_profile = aa_get_newest_profile(ns->unconfined);
 				info = "ux fallback";
 			} else {
-				error = -ENOENT;
+				error = -EACCES;
 				info = "profile not found";
 				/* remove MAY_EXEC to audit as failure */
 				perms.allow &= ~MAY_EXEC;
-- 
2.11.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ