Merge branch 'fixes-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris: "Fixes for the security subsystem. The first (by Casey actually - it's misattributed) fixes a regression introduced with the LSM stacking changes" * 'fixes-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: LSM: Check for NULL cred-security on free Yama: Check for pid death before checking ancestry seccomp: fix UAF in user-trap code
This commit is contained in:
commit
7fbfee7c80
|
@ -976,6 +976,9 @@ static int seccomp_notify_release(struct inode *inode, struct file *file)
|
|||
struct seccomp_filter *filter = file->private_data;
|
||||
struct seccomp_knotif *knotif;
|
||||
|
||||
if (!filter)
|
||||
return 0;
|
||||
|
||||
mutex_lock(&filter->notify_lock);
|
||||
|
||||
/*
|
||||
|
@ -1300,6 +1303,7 @@ out:
|
|||
out_put_fd:
|
||||
if (flags & SECCOMP_FILTER_FLAG_NEW_LISTENER) {
|
||||
if (ret < 0) {
|
||||
listener_f->private_data = NULL;
|
||||
fput(listener_f);
|
||||
put_unused_fd(listener);
|
||||
} else {
|
||||
|
|
|
@ -1027,6 +1027,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
|
|||
|
||||
void security_cred_free(struct cred *cred)
|
||||
{
|
||||
/*
|
||||
* There is a failure case in prepare_creds() that
|
||||
* may result in a call here with ->security being NULL.
|
||||
*/
|
||||
if (unlikely(cred->security == NULL))
|
||||
return;
|
||||
|
||||
call_void_hook(cred_free, cred);
|
||||
}
|
||||
|
||||
|
|
|
@ -368,7 +368,9 @@ static int yama_ptrace_access_check(struct task_struct *child,
|
|||
break;
|
||||
case YAMA_SCOPE_RELATIONAL:
|
||||
rcu_read_lock();
|
||||
if (!task_is_descendant(current, child) &&
|
||||
if (!pid_alive(child))
|
||||
rc = -EPERM;
|
||||
if (!rc && !task_is_descendant(current, child) &&
|
||||
!ptracer_exception_found(current, child) &&
|
||||
!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
|
||||
rc = -EPERM;
|
||||
|
|
Loading…
Reference in New Issue