[PATCH] smack lsm bug fixes
From: Pankaj Kumar
Date: Mon Feb 17 2014 - 00:36:24 EST
From 8fa425d071b7d4cfdf6bcb89d789138a13529d06 Mon Sep 17 00:00:00 2001
From: Pankaj Kumar <pankaj.k2@xxxxxxxxxxx>
Date: Mon, 17 Feb 2014 10:36:26 +0530
Subject: [PATCH] smack lsm bug fixes
1. In order to remove any SMACK extended attribute from a file, a user
should have CAP_MAC_ADMIN capability. But any user without this
capability is able to remove SMACK64MMAP security attribute. This error
has been corrected by a modification in smack_inode_removexattr hook.
2. While setting extended attribute in smack_inode_setsecurity hook,
'-EACCES' error is returned if extended attribute size or value is not
correct. This is wrong error rather this is invalid extended attribute
case. Corrected error '-EINVAL' shall be returned.
---
security/smack/smack_lsm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 14f52be..e1b1650 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -938,7 +938,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
- strcmp(name, XATTR_NAME_SMACKMMAP)) {
+ strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
if (!smack_privileged(CAP_MAC_ADMIN))
rc = -EPERM;
} else
@@ -2076,7 +2076,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
int rc = 0;
if (value == NULL || size > SMK_LONGLABEL || size == 0)
- return -EACCES;
+ return -EINVAL;
skp = smk_import_entry(value, size);
if (skp == NULL)
--
1.8.1.2
N‹§²æ¸›yú²X¬¶ÇvØ–)Þ{.nlj·¥Š{±‘êX§¶�›¡Ü}©ž²ÆzÚj:+v‰¨¾�«‘êZ+€Êzf£¢·hšˆ§~††Ûÿû®w¥¢¸?™¨è&¢)ß�f”ùy§m…á«a¶Úÿ�0¶ì�å