On Wed, May 14, 2014 at 9:16 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> On Wed, May 14, 2014 at 8:58 AM, Paul Moore <pmoore@xxxxxxxxxx> wrote:
>> We presently prevent processes from explicitly setting an arbitrary
>> security label on new processes when NO_NEW_PRIVS is enabled; in an
>> attempt for more consistency, this patch extends this to prevent
>> setting an arbitrary label when the new application lives on a
>> filesystem mounted with MNT_NOSUID.
>>
>> Signed-off-by: Paul Moore <pmoore@xxxxxxxxxx>
>> CC: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
>> CC: Stephen Smalley <sds@xxxxxxxxxxxxx>
>> ---
>
> Acked-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
>
> However: would it pay to move the check above this:
>
>     /* Reset exec SID on execve. */
>     new_tsec->exec_sid = 0;
>
> I suppose that this shouldn't matter: any correct application already
> needs to redo setexeccon if it gets an error from execve. Fixing this
> for real would probably involve moving that line of code into
> selinux_bprm_committed_creds.

I'm also unconvinced by the subject line -- would "selinux: return an
error when rejecting setexeccon on MNT_NOSUID applications" be better?

--Andy