On Fri, 19 Apr 2019, Paul Moore wrote:

> On Fri, Apr 19, 2019 at 2:55 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > Prevent userspace from changing the /proc/PID/attr values if the
> > task's credentials are currently overridden. This not only makes sense
> > conceptually, it also prevents some really bizarre error cases caused
> > when trying to commit credentials to a task with overridden
> > credentials.
> >
> > Cc: <stable@xxxxxxxxxxxxxxx>
> > Reported-by: "chengjian (D)" <cj.chengjian@xxxxxxxxxx>
> > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> > ---
> >  fs/proc/base.c | 5 +++++
> >  1 file changed, 5 insertions(+)
>
> I sent this to the LSM list as I figure it should probably go via
> James' linux-security tree since it is cross-LSM and doesn't really
> contain any LSM specific code. That said, if you don't want this
> James let me know and I'll send it via the SELinux tree assuming I can
> get ACKs from John and Casey (this should only affect SELinux,
> AppArmor, and Smack).

This is fine to go via your tree.

Acked-by: James Morris <james.morris@xxxxxxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>