[GIT PULL] apparmor updates for 5.5
Linus Torvalds
torvalds at linux-foundation.org
Tue Dec 3 21:00:43 UTC 2019
On Tue, Dec 3, 2019 at 12:33 PM John Johansen
<john.johansen at canonical.com> wrote:
>
> + Bug fixes
> - fix sparse warning for type-casting of current->real_cred
That fix is wrong.
Yes, it removes the warning.
It's still wrong.
The proper way to remove the warning is to use the proper accessor to
read the current real_cred. And that will point out that the cred
needs to be 'const'.
IOW, it should do
const struct cred *cred = current_real_cred();
instead.
I have done the pull without doing that change, but this is a REALLY
IMPORTANT issue! Don't just "fix warnings". The warnings had a reason,
you need to _think_ about them.
This is doubly true in code that claims to be about "security".
Seriously. apparmor can't just be a "let's do random things and hope
for the best".
Linus
More information about the Linux-security-module-archive
mailing list