On Mon, 2008-06-09 at 15:43 -0400, Eric Paris wrote:
> The class_to_string array is referenced by tclass. My code mistakenly
> was using tclass - 1. If the preceding class is a userspace class
> rather than kernel class this may cause a denial/EINVAL even if unknown
> handling is set to allow. The bug shouldn't be allowing excess
> privileges since those are given based on the contents of another array
> which should be correctly referenced.
>
> At this point in time it's pretty unlikely this is going to cause
> problems. The most recently added kernel classes which could be
> affected are association, dccp_socket, and peer. It's pretty unlikely
> any policy with handle_unknown=allow doesn't have association and
> dccp_socket undefined (they've been around longer than unknown handling)
> and peer is conditionalized on a policy cap which should only be defined
> if that class exists in policy.
>
> -Eric

James, I forgot my signed-off, you want to just add it?