On Wed, May 14, 2014 at 8:58 AM, Paul Moore <pmoore@xxxxxxxxxx> wrote:
> We presently prevent processes from explicitly setting an arbitrary
> security label on new processes when NO_NEW_PRIVS is enabled; in an
> attempt for more consistency, this patch extends this to prevent
> setting an arbitrary label when the new application lives on a
> filesystem mounted with MNT_NOSUID.
>
> Signed-off-by: Paul Moore <pmoore@xxxxxxxxxx>
> CC: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> CC: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---

Acked-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>

However: would it pay to move the check above this:

        /* Reset exec SID on execve. */
        new_tsec->exec_sid = 0;

I suppose that this shouldn't matter: any correct application already
needs to redo setexeccon if it gets an error from execve. Fixing this
for real would probably involve moving that line of code into
selinux_bprm_committed_creds.

--Andy