[PATCH 0/2] exec: Use sane stack rlimit for setuid exec
Linus Torvalds
torvalds at linux-foundation.org
Fri Jul 7 20:09:49 UTC 2017
On Fri, Jul 7, 2017 at 1:04 PM, Linus Torvalds
<torvalds at linux-foundation.org> wrote:
>
> It looks like Kees went through the security modules [..]
i take that back. It looks like Kees looked at smack, but not at
SElinux, for example.
selinux_bprm_secureexec() seems to just look at current_security(),
not at the new stuff in bprm at all.
Which would seem to be exactly the wrong thing to do, and is insane
(why pass in bprm at all?) but comes from the fact that we used to
call bprm_secureexec() in an insane place.
So I think this patch series is sadly broken - I think it does the
right thing, but the security modules definitely look like they need
to be updated for that right thing.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list