Re: [GIT] Security updates for 3.3: SELinux
From: Eric Paris
Date: Tue Jan 17 2012 - 09:38:45 EST
On Tue, 2012-01-17 at 23:28 +0900, J. R. Okajima wrote:
> James Morris:
> > Eric Paris (12):
> :::
> > capabitlies: ns_capable can use the cap helpers rather than lsm call
>
> After this commit, I am afraid access(2) on NFS may not work correctly.
> The scenario based upon my guess.
> - access(2) overrides the credentials.
> - calls inode_permission() -- ... -- generic_permission() --
> ns_capable().
> - while the old ns_capable() calls security_capable(current_cred()), the
> new ns_capable() calls has_ns_capability(current) --
> security_capable(__task_cred(t)).
>
> current_cred() returns current->cred which is effective (overridden)
> credentials, but __task_cred(current) returns current->real_cred (the
> NFSD's credential). And the overridden credentials by access(2) lost.
>
> Is my guess correct?
Linus please revert d2a7009f0bb03fa22ad08dd25472efa0568126b9
Your explanation seems plausible. I will review the rest and make sure
a similar problem was not introduced elsewhere.
-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/