On 02/23/2016 12:24 PM, Daniel Cashman wrote:
> From: dcashman <dcashman@xxxxxxxxxxx>
>
> getpidcon documentation does not specify that a pid of 0 refers to the
> current process, and getcon exists specifically to provide this
> functionality, and getpidcon(getpid()) would provide it as well.
> Disallow pid values <= 0 that may lead to unintended behavior in
> userspace object managers.
>
> Signed-off-by: Daniel Cashman <dcashman@xxxxxxxxxxx>
> ---
> libselinux/src/procattr.c | 14 ++++++++++++--
> 1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
> index c20f003..eee4612 100644
> --- a/libselinux/src/procattr.c
> +++ b/libselinux/src/procattr.c
> @@ -306,11 +306,21 @@ static int setprocattrcon(const char * context,
> #define getpidattr_def(fn, attr) \
> int get##fn##_raw(pid_t pid, char **c) \
> { \
> - return getprocattrcon_raw(c, pid, #attr); \
> + if (pid <= 0) { \
> + errno = EINVAL; \
> + return -1; \
> + } else { \
> + return getprocattrcon_raw(c, pid, #attr); \
> + } \
> } \
> int get##fn(pid_t pid, char **c) \
> { \
> - return getprocattrcon(c, pid, #attr); \
> + if (pid <= 0) { \
> + errno = EINVAL; \
> + return -1; \
> + } else { \
> + return getprocattrcon(c, pid, #attr); \
> + } \
> }
>
> all_selfattr_def(con, current)
>
I need to point out explicitly that this change would, of course, break
the existing ABI and result in a change in behavior for applications
relying on getpidcon(0,) calls to be the same as getcon().
Thanks,
Dan
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
