The patch titled
signals: cleanup security_task_kill() usage/implementation
has been removed from the -mm tree. Its filename was
signals-cleanup-security_task_kill-usage-implementation.patch
This patch was dropped because it was merged into mainline or a subsystem tree
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: signals: cleanup security_task_kill() usage/implementation
From: Oleg Nesterov <oleg@xxxxxxxxxx>
Every implementation of ->task_kill() does nothing when the signal comes from
the kernel. This is correct, but means that check_kill_permission() should
call security_task_kill() only for SI_FROMUSER() case, and we can remove the
same check from ->task_kill() implementations.
(sadly, check_kill_permission() is the last user of signal->session/__session
but we can't s/task_session_nr/task_session/ here).
NOTE: Eric W. Biederman pointed out cap_task_kill() should die, and I think
he is very right.
Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Serge Hallyn <serue@xxxxxxxxxx>
Cc: Roland McGrath <roland@xxxxxxxxxx>
Cc: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Cc: David Quigley <dpquigl@xxxxxxxxxxxxx>
Cc: Eric Paris <eparis@xxxxxxxxxx>
Cc: Harald Welte <laforge@xxxxxxxxxxxx>
Cc: Pavel Emelyanov <xemul@xxxxxxxxxx>
Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
kernel/signal.c | 27 ++++++++++++++-------------
security/selinux/hooks.c | 3 ---
security/smack/smack_lsm.c | 9 ---------
3 files changed, 14 insertions(+), 25 deletions(-)
diff -puN kernel/signal.c~signals-cleanup-security_task_kill-usage-implementation kernel/signal.c
--- a/kernel/signal.c~signals-cleanup-security_task_kill-usage-implementation
+++ a/kernel/signal.c
@@ -533,22 +533,23 @@ static int rm_from_queue(unsigned long m
static int check_kill_permission(int sig, struct siginfo *info,
struct task_struct *t)
{
- int error = -EINVAL;
+ int error;
+
if (!valid_signal(sig))
- return error;
+ return -EINVAL;
- if (info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) {
- error = audit_signal_info(sig, t); /* Let audit system see the signal */
- if (error)
- return error;
- error = -EPERM;
- if (((sig != SIGCONT) ||
- (task_session_nr(current) != task_session_nr(t)))
- && (current->euid ^ t->suid) && (current->euid ^ t->uid)
- && (current->uid ^ t->suid) && (current->uid ^ t->uid)
- && !capable(CAP_KILL))
+ if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
+ return 0;
+
+ error = audit_signal_info(sig, t); /* Let audit system see the signal */
+ if (error)
return error;
- }
+
+ if (((sig != SIGCONT) || (task_session_nr(current) != task_session_nr(t)))
+ && (current->euid ^ t->suid) && (current->euid ^ t->uid)
+ && (current->uid ^ t->suid) && (current->uid ^ t->uid)
+ && !capable(CAP_KILL))
+ return -EPERM;
return security_task_kill(t, info, sig, 0);
}
diff -puN security/selinux/hooks.c~signals-cleanup-security_task_kill-usage-implementation security/selinux/hooks.c
--- a/security/selinux/hooks.c~signals-cleanup-security_task_kill-usage-implementation
+++ a/security/selinux/hooks.c
@@ -3286,9 +3286,6 @@ static int selinux_task_kill(struct task
if (rc)
return rc;
- if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
- return 0;
-
if (!sig)
perm = PROCESS__SIGNULL; /* null signal; existence test */
else
diff -puN security/smack/smack_lsm.c~signals-cleanup-security_task_kill-usage-implementation security/smack/smack_lsm.c
--- a/security/smack/smack_lsm.c~signals-cleanup-security_task_kill-usage-implementation
+++ a/security/smack/smack_lsm.c
@@ -1131,15 +1131,6 @@ static int smack_task_kill(struct task_s
int sig, u32 secid)
{
/*
- * Special cases where signals really ought to go through
- * in spite of policy. Stephen Smalley suggests it may
- * make sense to change the caller so that it doesn't
- * bother with the LSM hook in these cases.
- */
- if (info != SEND_SIG_NOINFO &&
- (is_si_special(info) || SI_FROMKERNEL(info)))
- return 0;
- /*
* Sending a signal requires that the sender
* can write the receiver.
*/
_
Patches currently in -mm which might be from oleg@xxxxxxxxxx are
origin.patch
posix-timers-bug-10460-discard-the-pending-signal-when-the-timer-is-destroyed.patch
workqueue-remove-redundant-function-invocation.patch
put_pid-make-sure-we-dont-free-the-live-pid.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
