linux/security/apparmor, branch v4.7 Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v4.7 2016-07-08T00:26:25Z apparmor: fix oops, validate buffer size in apparmor_setprocattr() 2016-07-08T00:26:25Z Vegard Nossum vegard.nossum@oracle.com 2016-07-07T20:41:11Z urn:sha1:30a46a4647fd1df9cf52e43bf467f0d9265096ca When proc_pid_attr_write() was changed to use memdup_user apparmor's (interface violating) assumption that the setprocattr buffer was always a single page was violated. The size test is not strictly speaking needed as proc_pid_attr_write() will reject anything larger, but for the sake of robustness we can keep it in. SMACK and SELinux look safe to me, but somebody else should probably have a look just in case. Based on original patch from Vegard Nossum <vegard.nossum@oracle.com> modified for the case that apparmor provides null termination. Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: John Johansen <john.johansen@canonical.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: stable@kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> constify security_path_{link,rename} 2016-03-28T04:47:36Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:27:45Z urn:sha1:3ccee46ab487d5b87d0621824efe2500b2857c58 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> apparmor: remove useless checks for NULL ->mnt 2016-03-28T04:47:28Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:22:49Z urn:sha1:8db0185659c33143915768bdd33fc2fb1b1cbb58 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> constify security_path_{mkdir,mknod,symlink} 2016-03-28T04:47:27Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:21:09Z urn:sha1:d360775217070ff0f4291e47d3f568f0fe0b7374 ... as well as unix_mknod() and may_o_create() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> constify security_path_{unlink,rmdir} 2016-03-28T04:47:27Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:13:39Z urn:sha1:989f74e0500a1e136d369bb619adc22786ea5e68 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> apparmor: constify common_perm_...() 2016-03-28T04:47:26Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:10:04Z urn:sha1:d6b49f7ad2f38b5c3af27ac1a6f475b1ec13ea6e Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> apparmor: constify aa_path_link() 2016-03-28T04:47:26Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:07:03Z urn:sha1:3539aaf670cdd68a37314cd5db400c0c77287c88 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> apparmor: new helper - common_path_perm() 2016-03-28T04:47:25Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:04:36Z urn:sha1:741aca71d61c3485d1e9db3bcea00d4509cf2301 was open-coded in several places... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> constify chmod_common/security_path_chmod 2016-03-28T04:47:25Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T18:56:23Z urn:sha1:be01f9f28e66fa846f02196eb047c6bc445642db Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> constify chown_common/security_path_chown 2016-03-28T04:47:24Z Al Viro viro@zeniv.linux.org.uk 2016-03-25T18:44:41Z urn:sha1:7fd25dac9ad3970bede16f2834daf9f9d779d1b0 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>