lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3dd0cabe-2d58-7a3f-087f-84ee4ccb6128@canonical.com>
Date:   Fri, 20 Jul 2018 11:57:20 +0100
From:   Colin Ian King <colin.king@...onical.com>
To:     John Johansen <john.johansen@...onical.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E . Hallyn" <serge@...lyn.com>,
        linux-security-module@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] apparmor: remove redundant pointer 'info'

On 20/07/18 11:31, John Johansen wrote:
> On 07/14/2018 09:19 AM, Colin King wrote:
>> From: Colin Ian King <colin.king@...onical.com>
>>
>> Pointer 'info' is being assigned but is never used hence it is
>> redundant and can be removed.
>>
>> Cleans up clang warning:
>> warning: variable 'info' set but not used [-Wunused-but-set-variable]
>>
> NAK,
> 
> real problem wrong fix, instead of deleting the additional context info
> we need to be auditing it

Ah, thanks for fixing that.

Colin

> 
> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
> index 098d546d8253..08c88de0ffda 100644
> --- a/security/apparmor/domain.c
> +++ b/security/apparmor/domain.c
> @@ -1036,7 +1036,7 @@ static struct aa_label *build_change_hat(struct aa_profile *profile,
>  audit:
>  	aa_audit_file(profile, &nullperms, OP_CHANGE_HAT, AA_MAY_CHANGEHAT,
>  		      name, hat ? hat->base.hname : NULL,
> -		      hat ? &hat->label : NULL, GLOBAL_ROOT_UID, NULL,
> +		      hat ? &hat->label : NULL, GLOBAL_ROOT_UID, info,
>  		      error);
>  	if (!hat || (error && error != -ENOENT))
>  		return ERR_PTR(error);
> 
> I pushed this fix into apparmor-next
> 
> 
> 
>> Signed-off-by: Colin Ian King <colin.king@...onical.com>
>> ---
>>  security/apparmor/domain.c | 6 +-----
>>  1 file changed, 1 insertion(+), 5 deletions(-)
>>
>> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
>> index 098d546d8253..410d9ce09861 100644
>> --- a/security/apparmor/domain.c
>> +++ b/security/apparmor/domain.c
>> @@ -1006,7 +1006,6 @@ static struct aa_label *build_change_hat(struct aa_profile *profile,
>>  					 const char *name, bool sibling)
>>  {
>>  	struct aa_profile *root, *hat = NULL;
>> -	const char *info = NULL;
>>  	int error = 0;
>>  
>>  	if (sibling && PROFILE_IS_HAT(profile)) {
>> @@ -1014,7 +1013,6 @@ static struct aa_label *build_change_hat(struct aa_profile *profile,
>>  	} else if (!sibling && !PROFILE_IS_HAT(profile)) {
>>  		root = aa_get_profile(profile);
>>  	} else {
>> -		info = "conflicting target types";
>>  		error = -EPERM;
>>  		goto audit;
>>  	}
>> @@ -1025,10 +1023,8 @@ static struct aa_label *build_change_hat(struct aa_profile *profile,
>>  		if (COMPLAIN_MODE(profile)) {
>>  			hat = aa_new_null_profile(profile, true, name,
>>  						  GFP_KERNEL);
>> -			if (!hat) {
>> -				info = "failed null profile create";
>> +			if (!hat)
>>  				error = -ENOMEM;
>> -			}
>>  		}
>>  	}
>>  	aa_put_profile(root);
>>
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ