diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-01-17 05:54:58 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-01-17 05:54:58 +0100 |
commit | 7fbfee7c80ded94278f109aae4063741c323294a (patch) | |
tree | 464e30f0dca9272871addb2cc02b446846da22a9 /security | |
parent | Merge tag 'selinux-pr-20190115' of git://git.kernel.org/pub/scm/linux/kernel/... (diff) | |
parent | LSM: Check for NULL cred-security on free (diff) | |
download | linux-7fbfee7c80ded94278f109aae4063741c323294a.tar.xz linux-7fbfee7c80ded94278f109aae4063741c323294a.zip |
Merge branch 'fixes-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris:
"Fixes for the security subsystem.
The first (by Casey actually - it's misattributed) fixes a regression
introduced with the LSM stacking changes"
* 'fixes-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
LSM: Check for NULL cred-security on free
Yama: Check for pid death before checking ancestry
seccomp: fix UAF in user-trap code
Diffstat (limited to 'security')
-rw-r--r-- | security/security.c | 7 | ||||
-rw-r--r-- | security/yama/yama_lsm.c | 4 |
2 files changed, 10 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c index f1b8d2587639..55bc49027ba9 100644 --- a/security/security.c +++ b/security/security.c @@ -1027,6 +1027,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) void security_cred_free(struct cred *cred) { + /* + * There is a failure case in prepare_creds() that + * may result in a call here with ->security being NULL. + */ + if (unlikely(cred->security == NULL)) + return; + call_void_hook(cred_free, cred); } diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index ffda91a4a1aa..02514fe558b4 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -368,7 +368,9 @@ static int yama_ptrace_access_check(struct task_struct *child, break; case YAMA_SCOPE_RELATIONAL: rcu_read_lock(); - if (!task_is_descendant(current, child) && + if (!pid_alive(child)) + rc = -EPERM; + if (!rc && !task_is_descendant(current, child) && !ptracer_exception_found(current, child) && !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) rc = -EPERM; |