| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9ebb0de0d0a7b889b70e083a99c59d13@paul-moore.com>
Date: Tue, 14 Oct 2025 19:13:01 -0400
From: Paul Moore <paul@...l-moore.com>
To: Casey Schaufler <casey@...aufler-ca.com>, casey@...aufler-ca.com, eparis@...hat.com, linux-security-module@...r.kernel.org, audit@...r.kernel.org
Cc: jmorris@...ei.org, serge@...lyn.com, keescook@...omium.org, john.johansen@...onical.com, penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com, linux-kernel@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [PATCH RFC 13/15] LSM: restrict security_cred_getsecid() to a single LSM
On Jun 21, 2025 Casey Schaufler <casey@...aufler-ca.com> wrote:
>
> The LSM hook security_cred_getsecid() provides a single secid
> that is only used by the binder driver. Provide the first value
> available, and abandon any other hooks.
>
> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
> ---
> security/security.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/security/security.c b/security/security.c
> index dd167a872248..409b1cb10d35 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2740,8 +2740,13 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
> */
> void security_cred_getsecid(const struct cred *c, u32 *secid)
> {
> + struct lsm_static_call *scall;
> +
> *secid = 0;
> - call_void_hook(cred_getsecid, c, secid);
> + lsm_for_each_hook(scall, cred_getsecid) {
> + scall->hl->hook.cred_getsecid(c, secid);
> + break;
> + }
> }
> EXPORT_SYMBOL(security_cred_getsecid);
Another case of "would this be painful to do at registration time?"
--
paul-moore.com
Powered by blists - more mailing lists