smack: Possible NULL pointer deref in cred_free hook.

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Wed Feb 14 22:15:58 UTC 2024


On 2024/02/15 3:55, Paul Moore wrote:
>> Ah, but it turns out that the only LSM that can fail in _cred_prepare()
>> is Smack. Even if smack_cred_prepare() fails it will have called
>> init_task_smack(), so there isn't *currently* a problem. Should another
>> LSM have the possibility of failing in whatever_cred_prepare() this
>> could be an issue.
> 
> Let's make sure we fix this, even if it isn't a problem with the
> current code, it is very possible it could become a problem at some
> point in the future and I don't want to see us get surprised by this
> then.
> 

Anyone can build in an out-of-tree LSM where whatever_cred_prepare() fails.
In-tree code that fails if out-of-tree code (possibly a BPF-based LSM)
is added should be considered a problem with the current code.



