Date: Fri, 29 Jul 2016 18:19:07 +0000
From: "Reshetova, Elena" <elena.reshetova@...el.com>
To: Jann Horn <jann@...jh.net>, "kernel-hardening@...ts.openwall.com"
	<kernel-hardening@...ts.openwall.com>
CC: "linux-security-module@...r.kernel.org"
	<linux-security-module@...r.kernel.org>, "keescook@...omium.org"
	<keescook@...omium.org>, "spender@...ecurity.net" <spender@...ecurity.net>,
	"jmorris@...ei.org" <jmorris@...ei.org>, "Schaufler, Casey"
	<casey.schaufler@...el.com>, "Leibowitz, Michael"
	<michael.leibowitz@...el.com>, "Roberts, William C"
	<william.c.roberts@...el.com>
Subject: RE: [RFC] [PATCH 3/5] sb_unsharefs LSM hook

>On Fri, Jul 29, 2016 at 10:34:38AM +0300, Elena Reshetova wrote:
> This adds a new security_sb_unsharefs() LSM hook.
> It can be used by LSMs concerned about unsharefs() system call.
> 
> Signed-off-by: Elena Reshetova <elena.reshetova@...el.com>
> ---
[...]
> @@ -132,11 +133,15 @@ int unshare_fs_struct(void)  {
>  	struct fs_struct *fs = current->fs;
>  	struct fs_struct *new_fs = copy_fs_struct(fs);
> -	int kill;
> +	int kill, retval;
>  
>  	if (!new_fs)
>  		return -ENOMEM;
>  
> +	retval = security_sb_unsharefs(&new_fs->root);
> +	if (retval)
> +		return retval;
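
Review bot: the new early `return retval` after security_sb_unsharefs() leaks new_fs. By that point copy_fs_struct() has already succeeded, and the copy has not yet been installed as current->fs, so nothing else will release it. Free it on the error path, for example by calling free_fs_struct(new_fs) before returning retval, so that any LSM whose hook returns an error does not leak one fs_struct per failed call.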

>Oh, and this is a memory leak. If copy_fs_struct() succeeds but
>security_sb_unsharefs() fails, new_fs isn't deallocated.

That's true, thank you, missed this. Will fix. I don't fail
security_sb_unsharefs check ever (I use it to update info only), so I missed
it fully. 
