On Wed, Sep 29, 2021 at 3:17 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > The security_task_getsecid_subj() LSM hook invites misuse by allowing > callers to specify a task even though the hook is only safe when the > current task is referenced. Fix this by removing the task_struct > argument to the hook, requiring LSM implementations to use the > current task. While we are changing the hook declaration we also > rename the function to security_current_getsecid_subj() in an effort > to reinforce that the hook captures the subjective credentials of the > current task and not an arbitrary task on the system. > > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> > --- > include/linux/lsm_hook_defs.h | 3 +-- > include/linux/lsm_hooks.h | 8 +++----- > include/linux/security.h | 4 ++-- > kernel/audit.c | 4 ++-- > kernel/auditfilter.c | 3 +-- > kernel/auditsc.c | 10 +++++++++- > net/netlabel/netlabel_unlabeled.c | 2 +- > net/netlabel/netlabel_user.h | 2 +- > security/apparmor/lsm.c | 13 ++++++++++--- > security/integrity/ima/ima_appraise.c | 2 +- > security/integrity/ima/ima_main.c | 14 +++++++------- > security/security.c | 6 +++--- > security/selinux/hooks.c | 19 +++---------------- > security/smack/smack.h | 16 ---------------- > security/smack/smack_lsm.c | 9 ++++----- > 15 files changed, 48 insertions(+), 67 deletions(-) FYI, this patch is based on v5.15-rc3 as it needs the LSM subj/obj credential fix present in the v5.15-rcX releases. Applying it on top of previous releases will result in compilation errors. -- paul moore www.paul-moore.com
