mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security
History
Christian Göttsche 885330095b security: keys: perform capable check only on privileged operations 
[ Upstream commit 2d7f105edb ]

If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-09-23 10:47:58 +02:00
..
apparmor apparmor: Fix abi check to include v8 abi 2023-01-18 11:30:21 +01:00
integrity IMA: allow/fix UML builds 2023-08-30 16:31:43 +02:00
keys security: keys: perform capable check only on privileged operations 2023-09-23 10:47:58 +02:00
loadpin module: replace the existing LSM hook in init_module 2018-07-16 12:31:57 -07:00
selinux selinux: don't use make's grouped targets feature yet 2023-06-09 10:24:03 +02:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-04-15 14:14:54 +02:00
tomoyo tomoyo: fix broken dependency on *.conf.default 2023-02-06 07:49:37 +01:00
yama Yama: Check for pid death before checking ancestry 2019-01-22 21:40:32 +01:00
Kconfig fortify: Explicitly disable Clang support 2021-11-26 11:36:18 +01:00
Makefile
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 17:46:55 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-18 11:30:44 +01:00
inode.c securityfs: fix use-after-free on symlink traversal 2019-05-25 18:23:42 +02:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:22:37 +01:00
min_addr.c
security.c ima: Align ima_file_mmap() parameters with mmap_file LSM hook 2023-03-11 16:31:51 +01:00