hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES 

We presently prevent processes from using setexecon() to set the
security label of exec()'d processes when NO_NEW_PRIVS is enabled by
returning an error; however, we silently ignore setexeccon() when
exec()'ing from a nosuid mounted filesystem.  This patch makes things
a bit more consistent by returning an error in the setexeccon()/nosuid
case.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Paul Moore 2014-05-15 11:16:06 -04:00 committed by Serge Hallyn
parent ca7786a2f9
commit 5b589d44fa
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
security/selinux/hooks.c
View File

@ -2123,11 +2123,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
new_tsec->exec_sid = 0; new_tsec->exec_sid = 0;
/* /*
* Minimize confusion: if no_new_privs and a transition is * Minimize confusion: if no_new_privs or nosuid and a
* explicitly requested, then fail the exec. * transition is explicitly requested, then fail the exec.
*/ */
if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
return -EPERM; return -EPERM;
if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
return -EACCES;
} else { } else {
/* Check for a default transition on this program. */ /* Check for a default transition on this program. */
rc = security_transition_sid(old_tsec->sid, isec->sid, rc = security_transition_sid(old_tsec->sid, isec->sid,