A potential issue in security_inode_init_security function
Casey Schaufler
casey at schaufler-ca.com
Fri Sep 29 17:47:07 UTC 2017
On 9/29/2017 5:37 AM, Boshi Wang wrote:
> In security_inode_init_security function of security/security.c, lsm_xattr can be modified by multiple functions due to call_init_hook function. I think that it is a potential issue when inode_init_security list is associated with more security modules, although inode_init_security list is associated with only selinux and smack currrently and the two security modules usually are not used at the same time.
Yes, this needs significant work for SELinux and Smack to work
together. Work is in progress on security module stacking. Please
see the current state of this work at
git://github.com/cschaufler/smack-next#stacking-4.13-rc2
Updates for 4.15 are in progress.
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list