Paul Moore a3727a8bac selinux,smack: fix subjective/objective credential use mixups ... Jann Horn reported a problem with commit eb1231f73c ("selinux: clarify task subjective and objective credentials") where some LSM hooks were attempting to access the subjective credentials of a task other than the current task. Generally speaking, it is not safe to access another task's subjective credentials and doing so can cause a number of problems. Further, while looking into the problem, I realized that Smack was suffering from a similar problem brought about by a similar commit 1fb057dcde ("smack: differentiate between subjective and objective task credentials"). This patch addresses this problem by restoring the use of the task's objective credentials in those cases where the task is other than the current executing task. Not only does this resolve the problem reported by Jann, it is arguably the correct thing to do in these cases. Cc: stable@vger.kernel.org Fixes: eb1231f73c ("selinux: clarify task subjective and objective credentials") Fixes: 1fb057dcde ("smack: differentiate between subjective and objective task credentials") Reported-by: Jann Horn <jannh@google.com> Acked-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>		2021-09-23 12:30:59 -04:00
..
apparmor
bpf
integrity	integrity-v5.15	2021-09-02 12:51:41 -07:00
keys
landlock
loadpin
lockdown
safesetid
selinux	selinux,smack: fix subjective/objective credential use mixups	2021-09-23 12:30:59 -04:00
smack	selinux,smack: fix subjective/objective credential use mixups	2021-09-23 12:30:59 -04:00
tomoyo	mm/pagemap: add mmap_assert_locked() annotations to find_vma*()	2021-09-03 09:58:13 -07:00
yama
commoncap.c
device_cgroup.c
inode.c
Kconfig
Kconfig.hardening
lsm_audit.c
Makefile	security: remove unneeded subdir-$(CONFIG_...)	2021-09-03 08:17:20 +09:00
min_addr.c
security.c	bpf: Add lockdown check for probe_write_user helper	2021-08-10 10:10:10 +02:00