mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-31 08:28:13 +00:00
6326948f94
The security_task_getsecid_subj() LSM hook invites misuse by allowing callers to specify a task even though the hook is only safe when the current task is referenced. Fix this by removing the task_struct argument to the hook, requiring LSM implementations to use the current task. While we are changing the hook declaration we also rename the function to security_current_getsecid_subj() in an effort to reinforce that the hook captures the subjective credentials of the current task and not an arbitrary task on the system. Reviewed-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
---|---|---|
.. | ||
include | ||
.gitignore | ||
apparmorfs.c | ||
audit.c | ||
capability.c | ||
crypto.c | ||
domain.c | ||
file.c | ||
ipc.c | ||
Kconfig | ||
label.c | ||
lib.c | ||
lsm.c | ||
Makefile | ||
match.c | ||
mount.c | ||
net.c | ||
nulldfa.in | ||
path.c | ||
policy.c | ||
policy_ns.c | ||
policy_unpack.c | ||
policy_unpack_test.c | ||
procattr.c | ||
resource.c | ||
secid.c | ||
stacksplitdfa.in | ||
task.c |