Message-ID: <30fc5b38165e4eda57d640eca76b7df1@paul-moore.com>
Date: Wed, 14 Aug 2024 11:32:08 -0400
From: Paul Moore <paul@...l-moore.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: selinux@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] selinux/selinux-pr-20240814

Linus,

Three SELinux fixes for v6.11-rcX:

- Fix an xperms counting problem where we were adding to the xperms
  count even if we failed to add the xperm.

- Propagate errors from avc_add_xperms_decision() back to the caller
  so that we can trigger the proper cleanup and error handling.

- Revert our use of vma_is_initial_heap() in favor of our older logic
  as vma_is_initial_heap() doesn't correctly handle the no-heap case
  and it is causing issues with the SELinux process/execheap access
  control.  While the older SELinux logic may not be perfect, it
  restores the expected user visible behavior.  Hopefully we will be
  able to resolve the problem with the vma_is_initial_heap() macro
  with the mm folks, but we need to fix this in the meantime.

-Paul

--
The following changes since commit 8400291e289ee6b2bf9779ff1c83a291501f017b:

  Linux 6.11-rc1 (2024-07-28 14:19:55 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
    tags/selinux-pr-20240814

for you to fetch changes up to 05a3d6e9307250a5911d75308e4363466794ab21:

  selinux: revert our use of vma_is_initial_heap()
    (2024-08-08 16:22:47 -0400)

----------------------------------------------------------------
selinux/stable-6.11 PR 20240814

----------------------------------------------------------------
Paul Moore (1):
      selinux: revert our use of vma_is_initial_heap()

Zhen Lei (2):
      selinux: fix potential counting error in
               avc_add_xperms_decision()
      selinux: add the processing of the failure of
               avc_add_xperms_decision()

 security/selinux/avc.c   |  8 ++++++--
 security/selinux/hooks.c | 12 +++++++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)

--
paul-moore.com
