On Fri, Nov 19, 2021 at 7:42 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > On 11/19/2021 2:52 PM, Paul Moore wrote: > > On Wed, Sep 29, 2021 at 3:17 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > >> The security_task_getsecid_subj() LSM hook invites misuse by allowing > >> callers to specify a task even though the hook is only safe when the > >> current task is referenced. Fix this by removing the task_struct > >> argument to the hook, requiring LSM implementations to use the > >> current task. While we are changing the hook declaration we also > >> rename the function to security_current_getsecid_subj() in an effort > >> to reinforce that the hook captures the subjective credentials of the > >> current task and not an arbitrary task on the system. > >> > >> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> > >> --- > >> include/linux/lsm_hook_defs.h | 3 +-- > >> include/linux/lsm_hooks.h | 8 +++----- > >> include/linux/security.h | 4 ++-- > >> kernel/audit.c | 4 ++-- > >> kernel/auditfilter.c | 3 +-- > >> kernel/auditsc.c | 10 +++++++++- > >> net/netlabel/netlabel_unlabeled.c | 2 +- > >> net/netlabel/netlabel_user.h | 2 +- > >> security/apparmor/lsm.c | 13 ++++++++++--- > >> security/integrity/ima/ima_appraise.c | 2 +- > >> security/integrity/ima/ima_main.c | 14 +++++++------- > >> security/security.c | 6 +++--- > >> security/selinux/hooks.c | 19 +++---------------- > >> security/smack/smack.h | 16 ---------------- > >> security/smack/smack_lsm.c | 9 ++++----- > >> 15 files changed, 48 insertions(+), 67 deletions(-) > > I never saw any comments, positive or negative, on this patch so I'll > > plan on merging it early next week. If you've got objections, now is > > the time to speak up. > > It's OK by me. > > Reviewed-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> Thanks Casey. Are you okay with the AppArmor tweak mentioned by Serge and John? -- paul moore www.paul-moore.com
