Re: [PATCH] lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/19/21 3:23 PM, Serge E. Hallyn wrote:
> On Fri, Nov 19, 2021 at 05:52:33PM -0500, Paul Moore wrote:
>> On Wed, Sep 29, 2021 at 3:17 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>>>
>>> The security_task_getsecid_subj() LSM hook invites misuse by allowing
>>> callers to specify a task even though the hook is only safe when the
>>> current task is referenced.  Fix this by removing the task_struct
>>> argument to the hook, requiring LSM implementations to use the
>>> current task.  While we are changing the hook declaration we also
>>> rename the function to security_current_getsecid_subj() in an effort
>>> to reinforce that the hook captures the subjective credentials of the
>>> current task and not an arbitrary task on the system.
>>>
>>> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> 
> Makes perfect sense given the motivation of 4ebd7651b  :)
> 
> Reviewed-by: Serge Hallyn <serge@xxxxxxxxxx>
> 
> Oh, actually, one question below (cc:ing John explicitly)
> 

<< snip >>

>>> -static void apparmor_task_getsecid(struct task_struct *p, u32 *secid)
>>> +static void apparmor_current_getsecid_subj(u32 *secid)
>>> +{
>>> +       struct aa_label *label = aa_get_task_label(current);
> 
> Should you use aa_get_current_label() here instead?
> 

yes, that would be better





[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux