Date:   Wed, 30 May 2018 12:28:14 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     selinux@...ho.nsa.gov, linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [GIT PULL] SELinux fixes for v4.17 (#2)

Hi Linus,

One more small fix for SELinux: a small string length fix found by
KASAN.  I dislike sending patches this late in the release cycle, but
this patch fixes a legitimate problem, is very small, limited in
scope, and well understood.  There are two threads with more
information on the problem, the latest is linked below:

* https://marc.info/?t=152723737400001&r=1&w=2

If you're hesitant to pull this into v4.17 at such a late stage, it
probably isn't going to cause major problems as Stephen points out in
the thread linked above:

 "Such a setxattr() call can only be performed by a process
  with CAP_MAC_ADMIN that is also allowed mac_admin permission
  in SELinux policy. Consequently, this is never possible on
  Android (no process is allowed mac_admin permission, always
  enforcing) and is only possible in Fedora/RHEL for a few
  domains (if enforcing)."

Thanks,
-Paul

--
The following changes since commit 4152dc91b5932e7fe49a5afed62a068b2f31d196:

 selinux: correctly handle sa_family cases in selinux_sctp_bind_connect()
   (2018-05-14 15:20:59 -0400)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20180530

for you to fetch changes up to efe3de79e0b52ca281ef6691480c8c68c82a4657:

 selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
   (2018-05-29 20:11:19 -0400)

----------------------------------------------------------------
selinux/stable-4.17 PR 20180530

----------------------------------------------------------------
Sachin Grover (1):
     selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

security/selinux/ss/services.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

-- 
paul moore
www.paul-moore.com
