[PATCH 0/2] smack: fix two bugs in setting task label
Konstantin Andreev
andreev at swemel.ru
Wed Mar 12 09:30:29 UTC 2025
Casey Schaufler, 11/03/2025:
> On 3/6/2025 2:43 PM, Konstantin Andreev wrote:
>> These two patches have distinct subjects,
>> but work on the same object,
>> security/smack/smack_lsm.c`do_setattr()
>> and the second patch partially overwrites first,
>> so I combine them in a series.
>>
>> Konstantin Andreev (2):
>> smack: fix bug: unprivileged task can create labels
>> smack: fix bug: setting task label silently ignores input garbage
>
> There is a problem with this change. Some applications include a
> trailing '\0' when writing to /proc/self/attr/smack/current, which
> fails with this change. It may not be "correct", but it is expected.
Understood. Given this, for any "label"
three input variants should be accepted:
"label" (5 bytes)
"label\0" (6 bytes)
"label\n" (6 bytes)
but not
"label\0\n"
"label\n\0"
etc...
right?
Thank you for paying attention.
--
Konstantin Andreev
More information about the Linux-security-module-archive
mailing list