mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security/smack
History
Stephen Smalley ab83798bd5 security,selinux,smack: kill security_task_wait hook 
commit 3a2f5a59a6 upstream.

As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful.  Remove
the security hook and its implementations in SELinux and Smack.  Smack
already removed its check from its hook.

Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Alexander Grund <theflamefire89@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2022-07-29 17:05:44 +02:00
..
Kconfig Smack: Signal delivery as an append operation 2016-09-08 13:22:56 -07:00
Makefile
smack.h Smack: Signal delivery as an append operation 2016-09-08 13:22:56 -07:00
smack_access.c Smack: Fix wrong semantics in smk_access_entry() 2021-09-22 11:43:04 +02:00
smack_lsm.c security,selinux,smack: kill security_task_wait hook 2022-07-29 17:05:44 +02:00
smack_netfilter.c security: Use IS_ENABLED() instead of checking for built-in or module 2016-08-08 13:08:25 -04:00
smackfs.c smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 2021-11-26 11:48:35 +01:00