[PATCH] lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()

Paul Moore paul at paul-moore.com
Sat Nov 20 15:04:58 UTC 2021


On Fri, Nov 19, 2021 at 6:59 PM John Johansen
<john.johansen at canonical.com> wrote:
> On 11/19/21 3:23 PM, Serge E. Hallyn wrote:
> > On Fri, Nov 19, 2021 at 05:52:33PM -0500, Paul Moore wrote:
> >> On Wed, Sep 29, 2021 at 3:17 PM Paul Moore <paul at paul-moore.com> wrote:
> >>>
> >>> The security_task_getsecid_subj() LSM hook invites misuse by allowing
> >>> callers to specify a task even though the hook is only safe when the
> >>> current task is referenced.  Fix this by removing the task_struct
> >>> argument to the hook, requiring LSM implementations to use the
> >>> current task.  While we are changing the hook declaration we also
> >>> rename the function to security_current_getsecid_subj() in an effort
> >>> to reinforce that the hook captures the subjective credentials of the
> >>> current task and not an arbitrary task on the system.
> >>>
> >>> Signed-off-by: Paul Moore <paul at paul-moore.com>
> >
> > Makes perfect sense given the motivation of 4ebd7651b  :)
> >
> > Reviewed-by: Serge Hallyn <serge at hallyn.com>
> >
> > Oh, actually, one question below (cc:ing John explicitly)
> >
>
> << snip >>
>
> >>> -static void apparmor_task_getsecid(struct task_struct *p, u32 *secid)
> >>> +static void apparmor_current_getsecid_subj(u32 *secid)
> >>> +{
> >>> +       struct aa_label *label = aa_get_task_label(current);
> >
> > Should you use aa_get_current_label() here instead?
> >
>
> yes, that would be better

Will do, thanks guys.

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list