[PATCH][SELINUX] Fix selinux_setprocattr
From: Stephen Smalley
Date: Tue Mar 08 2005 - 09:44:56 EST
This patch against 2.6.11-mm2 changes the selinux_setprocattr hook function (which
handles writes to nodes in the /proc/pid/attr directory) to ignore an
optional terminating newline at the end of the value, and to handle a
value beginning with a newline or a null in the same manner as a zero
length value (clearing the attribute for the process and resetting it
to using the default policy behavior). This change is to address the
divergence from POSIX in the existing API, as POSIX says that write(2)
with a zero count will return zero with no other effect, as well as to
simplify use of the API from scripts (although that isn't
recommended). Please apply.
Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
Signed-off-by: James Morris <jmorris@xxxxxxxxxx>
security/selinux/hooks.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff -X /home/sds/dontdiff -ru linux-2.6.11-mm2/security/selinux/hooks.c linux-2.6.11-mm2-sel/security/selinux/hooks.c
--- linux-2.6.11-mm2/security/selinux/hooks.c 2005-03-08 08:43:52.867139656 -0500
+++ linux-2.6.11-mm2-sel/security/selinux/hooks.c 2005-03-08 08:44:02.733639720 -0500
@@ -4106,6 +4106,7 @@
struct task_security_struct *tsec;
u32 sid = 0;
int error;
+ char *str = value;
if (current != p) {
/* SELinux only allows a process to change its own
@@ -4130,8 +4131,11 @@
return error;
/* Obtain a SID for the context, if one was specified. */
- if (size) {
- int error;
+ if (size && str[1] && str[1] != '\n') {
+ if (str[size-1] == '\n') {
+ str[size-1] = 0;
+ size--;
+ }
error = security_context_to_sid(value, size, &sid);
if (error)
return error;
--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/