[GIT PULL] apparmor updates for 5.5

Linus Torvalds torvalds at linux-foundation.org
Tue Dec 3 21:00:43 UTC 2019


On Tue, Dec 3, 2019 at 12:33 PM John Johansen
<john.johansen at canonical.com> wrote:
>
> + Bug fixes
>    - fix sparse warning for type-casting of current->real_cred

That fix is wrong.

Yes, it removes the warning.

It's still wrong.

The proper way to remove the warning is to use the proper accessor to
read the current real_cred.  And that will point out that the cred
needs to be 'const'.

IOW, it should do

        const struct cred *cred = current_real_cred();

instead.

I have done the pull without doing that change, but this is a REALLY
IMPORTANT issue! Don't just "fix warnings". The warnings had a reason,
you need to _think_ about them.

This is doubly true in code that claims to be about "security".
Seriously. apparmor can't just be a "let's do random things and hope
for the best".

                 Linus



More information about the Linux-security-module-archive mailing list