1. 26 Sep, 2018 1 commit
  2. 24 Aug, 2018 1 commit
  3. 04 Oct, 2017 1 commit
    • Casey Schaufler's avatar
      lsm: fix smack_inode_removexattr and xattr_getsecurity memleak · 57e7ba04
      Casey Schaufler authored
      security_inode_getsecurity() provides the text string value
      of a security attribute. It does not provide a "secctx".
      The code in xattr_getsecurity() that calls security_inode_getsecurity()
      and then calls security_release_secctx() happened to work because
      SElinux and Smack treat the attribute and the secctx the same way.
      It fails for cap_inode_getsecurity(), because that module has no
      secctx that ever needs releasing. It turns out that Smack is the
      one that's doing things wrong by not allocating memory when instructed
      to do so by the "alloc" parameter.
      The fix is simple enough. Change the security_release_secctx() to
      kfree() because it isn't a secctx being returned by
      security_inode_getsecurity(). Change Smack to allocate the string when
      told to do so.
      Note: this also fixes memory leaks for LSMs which implement
      inode_getsecurity but not release_secctx, such as capabilities.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Reported-by: default avatarKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
  4. 01 Aug, 2017 3 commits
  5. 31 Jul, 2017 1 commit
  6. 01 Jun, 2017 3 commits
  7. 27 Apr, 2017 1 commit
  8. 04 Apr, 2017 2 commits
  9. 06 Mar, 2017 1 commit
  10. 23 Jan, 2017 1 commit
  11. 19 Jan, 2017 1 commit
  12. 12 Jan, 2017 1 commit
  13. 10 Jan, 2017 10 commits
  14. 09 Jan, 2017 1 commit
  15. 04 Dec, 2016 1 commit
  16. 15 Nov, 2016 1 commit
    • Casey Schaufler's avatar
      Smack: Remove unnecessary smack_known_invalid · 152f91d4
      Casey Schaufler authored
      The invalid Smack label ("") and the Huh ("?") Smack label
      serve the same purpose and having both is unnecessary.
      While pulling out the invalid label it became clear that
      the use of smack_from_secid() was inconsistent, so that
      is repaired. The setting of inode labels to the invalid
      label could never happen in a functional system, has
      never been observed in the wild and is not what you'd
      really want for a failure behavior in any case. That is
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
  17. 14 Nov, 2016 1 commit
  18. 10 Nov, 2016 4 commits
    • Casey Schaufler's avatar
      Smack: ipv6 label match fix · 2e4939f7
      Casey Schaufler authored
      The check for a deleted entry in the list of IPv6 host
      addresses was being performed in the wrong place, leading
      to most peculiar results in some cases. This puts the
      check into the right place.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    • Himanshu Shukla's avatar
      SMACK: Fix the memory leak in smack_cred_prepare() hook · b437aba8
      Himanshu Shukla authored
      Memory leak in smack_cred_prepare()function.
      smack_cred_prepare() hook returns error if there is error in allocating
      memory in smk_copy_rules() or smk_copy_relabel() function.
      If smack_cred_prepare() function returns error then the calling
      function should call smack_cred_free() function for cleanup.
      In smack_cred_free() function first credential is  extracted and
      then all rules are deleted. In smack_cred_prepare() function security
      field is assigned in the end when all function return success. But this
      function may return before and memory will not be freed.
      Signed-off-by: default avatarHimanshu Shukla <himanshu.sh@samsung.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    • Himanshu Shukla's avatar
      SMACK: Do not apply star label in smack_setprocattr hook · 7128ea15
      Himanshu Shukla authored
      Smack prohibits processes from using the star ("*") and web ("@") labels.
      Checks have been added in other functions. In smack_setprocattr()
      hook, only check for web ("@") label has been added and restricted
      from applying web ("@") label.
      Check for star ("*") label should also be added in smack_setprocattr()
      hook. Return error should be "-EINVAL" not "-EPERM" as permission
      is there for setting label but not the label value as star ("*") or
      web ("@").
      Signed-off-by: default avatarHimanshu Shukla <himanshu.sh@samsung.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    • Himanshu Shukla's avatar
      smack: parse mnt opts after privileges check · 2097f599
      Himanshu Shukla authored
      In smack_set_mnt_opts()first the SMACK mount options are being
      parsed and later it is being checked whether the user calling
      mount has CAP_MAC_ADMIN capability.
      This sequence of operationis will allow unauthorized user to add
      SMACK labels in label list and may cause denial of security attack
      by adding many labels by allocating kernel memory by unauthorized user.
      Superblock smack flag is also being set as initialized though function
      may return with EPERM error.
      First check the capability of calling user then set the SMACK attributes
      and smk_flags.
      Signed-off-by: default avatarHimanshu Shukla <himanshu.sh@samsung.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
  19. 05 Nov, 2016 1 commit
  20. 08 Oct, 2016 1 commit
  21. 08 Sep, 2016 1 commit
    • Casey Schaufler's avatar
      Smack: Signal delivery as an append operation · c60b9066
      Casey Schaufler authored
      Under a strict subject/object security policy delivering a
      signal or delivering network IPC could be considered either
      a write or an append operation. The original choice to make
      both write operations leads to an issue where IPC delivery
      is desired under policy, but delivery of signals is not.
      This patch provides the option of making signal delivery
      an append operation, allowing Smack rules that deny signal
      delivery while allowing IPC. This was requested for Tizen.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
  22. 23 Aug, 2016 1 commit
  23. 08 Aug, 2016 1 commit