[PATCH 0/2] smack: fix two bugs in setting task label
Casey Schaufler
casey at schaufler-ca.com
Tue Mar 11 18:10:41 UTC 2025
On 3/6/2025 2:43 PM, Konstantin Andreev wrote:
> These two patches have distinct subjects,
> but work on the same object,
> security/smack/smack_lsm.c`do_setattr()
> and the second patch partially overwrites first,
> so I combine them in a series.
>
> Konstantin Andreev (2):
> smack: fix bug: unprivileged task can create labels
> smack: fix bug: setting task label silently ignores input garbage
There is a problem with this change. Some applications include a
trailing '\0' when writing to /proc/self/attr/smack/current, which
fails with this change. It may not be "correct", but it is expected.
>
> security/smack/smack.h | 3 +
> security/smack/smack_access.c | 93 +++++++++++++++++++++++-------
> security/smack/smack_lsm.c | 104 ++++++++++++++++++++++------------
> 3 files changed, 143 insertions(+), 57 deletions(-)
>
More information about the Linux-security-module-archive
mailing list