[PATCH] lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()
John Johansen
john.johansen at canonical.com
Fri Nov 19 23:59:34 UTC 2021
On 11/19/21 3:23 PM, Serge E. Hallyn wrote:
> On Fri, Nov 19, 2021 at 05:52:33PM -0500, Paul Moore wrote:
>> On Wed, Sep 29, 2021 at 3:17 PM Paul Moore <paul at paul-moore.com> wrote:
>>>
>>> The security_task_getsecid_subj() LSM hook invites misuse by allowing
>>> callers to specify a task even though the hook is only safe when the
>>> current task is referenced. Fix this by removing the task_struct
>>> argument to the hook, requiring LSM implementations to use the
>>> current task. While we are changing the hook declaration we also
>>> rename the function to security_current_getsecid_subj() in an effort
>>> to reinforce that the hook captures the subjective credentials of the
>>> current task and not an arbitrary task on the system.
>>>
>>> Signed-off-by: Paul Moore <paul at paul-moore.com>
>
> Makes perfect sense given the motivation of 4ebd7651b :)
>
> Reviewed-by: Serge Hallyn <serge at hallyn.com>
>
> Oh, actually, one question below (cc:ing John explicitly)
>
<< snip >>
>>> -static void apparmor_task_getsecid(struct task_struct *p, u32 *secid)
>>> +static void apparmor_current_getsecid_subj(u32 *secid)
>>> +{
>>> + struct aa_label *label = aa_get_task_label(current);
>
> Should you use aa_get_current_label() here instead?
>
yes, that would be better
More information about the Linux-security-module-archive
mailing list