On Mon, 9 Jun 2008, Eric Paris wrote:

> On Mon, 2008-06-09 at 15:43 -0400, Eric Paris wrote:
> > The class_to_string array is referenced by tclass. My code mistakenly
> > was using tclass - 1. If the preceding class is a userspace class
> > rather than kernel class this may cause a denial/EINVAL even if unknown
> > handling is set to allow. The bug shouldn't be allowing excess
> > privileges since those are given based on the contents of another array
> > which should be correctly referenced.
> >
> > At this point in time it's pretty unlikely this is going to cause
> > problems. The most recently added kernel classes which could be
> > affected are association, dccp_socket, and peer. It's pretty unlikely
> > any policy with handle_unknown=allow doesn't have association and
> > dccp_socket undefined (they've been around longer than unknown handling)
> > and peer is conditionalized on a policy cap which should only be defined
> > if that class exists in policy.
> >
> > -Eric
>
> James, I forgot my signed-off, you want to just add it?

I'll add it, and queue for 2.6.26.

--
James Morris
<jmorris@xxxxxxxxx>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
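The failure mode Eric describes, as a constructed C model added here for illustration. This is not the kernel's code or the patch under discussion: the table contents, the use of NULL to mark a userspace-only class, the policy_defines_class() stand-in and the return-code values are all assumptions made for the example. What it shows is why indexing the name table with tclass - 1 turns a kernel class that happens to sit directly after a userspace class into an "invalid class" request, so the check fails with EINVAL even when unknown handling is set to allow, while a kernel class that follows another kernel class is unaffected.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed model of the off-by-one discussed in the thread. It is not
 * the SELinux source: the table contents, the NULL marker for userspace
 * classes and policy_defines_class() are assumptions made for the example.
 * Return codes follow the kernel convention of 0 / negative errno.
 */
#define RC_ALLOW     0
#define RC_DENY    (-13)  /* -EACCES: policy says no */
#define RC_INVALID (-22)  /* -EINVAL: the request itself is malformed */

/* Indexed directly by tclass; slot 0 is unused because tclass starts at 1.
 * Kernel classes carry a name; userspace-only classes are marked NULL. */
static const char *const class_to_string[] = {
    NULL,           /* 0: unused */
    "security",     /* 1: kernel class */
    "process",      /* 2: kernel class */
    NULL,           /* 3: userspace class, no kernel string (assumption) */
    "association",  /* 4: kernel class directly after a userspace one */
    "dccp_socket",  /* 5: kernel class after another kernel class */
};
#define NCLASSES (sizeof class_to_string / sizeof class_to_string[0])

/* Stand-in for "does the loaded policy define this class?". Classes 4 and 5
 * are deliberately left undefined so unknown-class handling is exercised. */
static bool policy_defines_class(unsigned tclass)
{
    return tclass >= 1 && tclass <= 3;
}

/* Correct lookup: the table is indexed by tclass. */
static const char *class_name_fixed(unsigned tclass)
{
    return tclass < NCLASSES ? class_to_string[tclass] : NULL;
}

/* The bug from the thread: the same table indexed by tclass - 1. */
static const char *class_name_buggy(unsigned tclass)
{
    return (tclass >= 1 && tclass - 1 < NCLASSES) ? class_to_string[tclass - 1]
                                                  : NULL;
}

/*
 * Outcome of a permission check on class tclass. A class the policy defines
 * takes the normal path: its access vector would come from a separate
 * per-class table that is not modelled here and, as the thread notes, is
 * indexed correctly, which is why the bug cannot hand out extra permissions.
 * A class the policy does not define is either a kernel class the policy
 * predates, decided by handle_unknown, or a class with no kernel name at
 * all, which the kernel should never be asked about and is rejected with
 * -EINVAL whatever handle_unknown says.
 */
static int check_class(unsigned tclass, bool handle_unknown_allow,
                       const char *(*name_of)(unsigned))
{
    if (policy_defines_class(tclass))
        return RC_ALLOW;
    if (name_of(tclass) == NULL)
        return RC_INVALID;
    return handle_unknown_allow ? RC_ALLOW : RC_DENY;
}

int main(void)
{
    static const unsigned classes[] = { 3, 4, 5 };
    for (size_t i = 0; i < sizeof classes / sizeof classes[0]; i++) {
        unsigned c = classes[i];
        const char *name = class_name_fixed(c);
        printf("tclass %u (%s): fixed=%d buggy=%d (handle_unknown=allow)\n",
               c, name ? name : "userspace",
               check_class(c, true, class_name_fixed),
               check_class(c, true, class_name_buggy));
    }
    return 0;
}
```

With handle_unknown=allow, class 4 passes through the fixed lookup but comes back as -22 through the buggy one, because tclass - 1 lands on the NULL slot of the userspace class before it; class 5 is unaffected because the slot before it holds a kernel class name. That matches the thread's observation that only kernel classes immediately preceded by a userspace class can be hit.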