Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-2.6.16.y 2007-10-18T23:27:51+00:00 2007-10-18T23:27:51+00:00 Stephen Smalley sds@tycho.nsa.gov 2007-10-18T23:27:51+00:00 urn:sha1:d289a630aa101eb5d168f054c96298c87673408e Clear parent death signal on SID transitions to prevent unauthorized signaling between SIDs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@parisplace.org> Signed-off-by: James Morris <jmorris@localhost.localdomain> Signed-off-by: Adrian Bunk <bunk@kernel.org> 2007-02-21T00:20:05+00:00 David Howells dhowells@redhat.com 2007-02-21T00:20:05+00:00 urn:sha1:a0cd22f8e3a0cd4f6d8b08103629cbbc29a0c9fb Fix the key serial number collision avoidance code in key_alloc_serial(). This didn't use to be so much of a problem as the key serial numbers were allocated from a simple incremental counter, and it would have to go through two billion keys before it could possibly encounter a collision. However, n that random numbers are used instead, collisions are much more likely. This is fixed by finding a hole in the rbtree where the next unused serial number ought to be and using that by going almost back to the top of the insertion routine and redoing the insertion with the new serial number rathe than trying to be clever and attempting to work out the insertion point pointer directly. This fixes kernel Bugzilla #7727. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> 2006-11-17T16:42:43+00:00 Adrian Bunk bunk@stusta.de 2006-11-17T16:42:43+00:00 urn:sha1:e6169b53986005dff5307cc8ac1f555334073d09 initlvl=2 in seclvl gives the guarantee "Cannot decrement the system time". But it was possible to set the time to the maximum unixtime value (19 Jan 2038) resulting in a wrap to the minimum value. This patch fixes this by disallowing setting the time to any date after 2030 with initlvl=2. Signed-off-by: Adrian Bunk <bunk@stusta.de> 2006-05-20T22:00:31+00:00 Serge E. Hallyn serue@us.ibm.com 2006-05-15T16:43:48+00:00 urn:sha1:3220ee4a7afa92cc7315f9f74b64bb8a7f9b1320 Check for NULL kmalloc return value before writing to it. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: James Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-04-24T16:56:04+00:00 Ron Yorston rmy@tigress.co.uk 2006-04-19T05:21:04+00:00 urn:sha1:00905d543081c11b3823577b951e22fdf3260477 Fix an off-by-one error in the MLS compatibility code that was causing contexts with a MLS suffix to be rejected, preventing sharing partitions between FC4 and FC5. Bug reported in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188068 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-04-11T04:48:21+00:00 David Howells dhowells@redhat.com 2006-04-10T17:01:40+00:00 urn:sha1:5494bd6a500cc7c5a502279eabfbdacccd4b89d1 This fixes the problem of an oops occuring when a user attempts to add a key to a non-keyring key [CVE-2006-1522]. The problem is that __keyring_search_one() doesn't check that the keyring it's been given is actually a keyring. I've fixed this problem by: (1) declaring that caller of __keyring_search_one() must guarantee that the keyring is a keyring; and (2) making key_create_or_update() check that the keyring is a keyring, and return -ENOTDIR if it isn't. This can be tested by: keyctl add user b b `keyctl add user a a @s` Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-11T17:19:34+00:00 Stephen Smalley sds@tycho.nsa.gov 2006-03-11T11:27:16+00:00 urn:sha1:341c2d806b71cc3596afeb2d9bd26cd718e75202 Fix SELinux to not reset the tracer SID when the child is already being traced, since selinux_ptrace is also called by proc for access checking outside of the context of a ptrace attach. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2006-02-08T00:12:33+00:00 Stephen Smalley sds@tycho.nsa.gov 2006-02-07T20:58:51+00:00 urn:sha1:99f6d61bda82d09b2d94414d413d39f66a0b7da2 Make SELinux depend on AUDIT as it requires the basic audit support to log permission denials at all. Note that AUDITSYSCALL remains optional for SELinux, although it can be useful in providing further information upon denials. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2006-02-05T19:06:52+00:00 Stephen Smalley sds@tycho.nsa.gov 2006-02-05T07:27:50+00:00 urn:sha1:c2b507fda390b8ae90deba9b8cdc3fe727482193 Make SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it requires the socket hooks for proper operation even in the local case. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2006-02-03T16:32:10+00:00 Davi Arnaut davi.arnaut@gmail.com 2006-02-03T11:04:46+00:00 urn:sha1:6d94074f0804143eac6bce72dc04447c0040e7d8 In the small window between strnlen_user() and copy_from_user() userspace could alter the terminating `\0' character. Signed-off-by: Davi Arnaut <davi.arnaut@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>