Re: Q: selinux_bprm_committed_creds() && signals/do_wait

[James Morris]

On Wed, 29 Apr 2009, Oleg Nesterov wrote:

> On 04/29, David Howells wrote:
> >
> > From: David Howells <dhowells@xxxxxxxxxx>
> > Subject: [PATCH] SELinux: Don't flush inherited SIGKILL during execve()
> >
> > Don't flush inherited SIGKILL during execve() in SELinux's post cred commit
> > hook.  This isn't really a security problem: if the SIGKILL came before the
> > credentials were changed, then we were right to receive it at the time, and
> > should honour it; if it came after the creds were changed, then we definitely
> > should honour it; and in any case, all that will happen is that the process
> > will be scrapped before it ever returns to userspace.
> >
> > Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> 
> Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>

Applied to 
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next


-- 
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/