[PATCH 0/2] smack: fix two bugs in setting task label

Casey Schaufler casey at schaufler-ca.com
Wed Mar 12 16:35:30 UTC 2025


On 3/12/2025 2:30 AM, Konstantin Andreev wrote:
> Casey Schaufler, 11/03/2025:
>> On 3/6/2025 2:43 PM, Konstantin Andreev wrote:
>>> These two patches have distinct subjects,
>>> but work on the same object,
>>>    security/smack/smack_lsm.c`do_setattr()
>>> and the second patch partially overwrites first,
>>> so I combine them in a series.
>>>
>>> Konstantin Andreev (2):
>>>    smack: fix bug: unprivileged task can create labels
>>>    smack: fix bug: setting task label silently ignores input garbage
>>
>> There is a problem with this change. Some applications include a
>> trailing '\0' when writing to /proc/self/attr/smack/current, which
>> fails with this change. It may not be "correct", but it is expected.
>
> Understood. Given this, for any "label"
> three input variants should be accepted:
>
>   "label"    (5 bytes)
>   "label\0"  (6 bytes)
>   "label\n"  (6 bytes)
>
> but not
>
>   "label\0\n"

I agree that this should not be accepted.

>   "label\n\0"

It's sloppy, but I can see someone using strlen() + 1 inappropriately.
This should be accepted.

>   etc...
>
> right?
>
> Thank you for paying attention.

I'm the maintainer, paying attention is why I get the big bucks.
... ok, in truth, I don't get paid anything, but it's the principle.

> -- 
> Konstantin Andreev
>
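
The acceptance rules agreed in this exchange, written out as an added example; it is not code from the thread, from the patches, or from smack_lsm.c. The helper name `label_len_from_write` is hypothetical, and rejecting empty labels and repeated terminators such as "label\n\n" is an assumption about what "etc..." covers.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/*
 * Hypothetical helper (not from smack_lsm.c): return the label length once
 * the permitted terminator is stripped, or -1 if the write must be rejected.
 * Permitted tails, per the thread: none, "\0", "\n", "\n\0".
 * Assumption: anything else, including an empty label, is rejected.
 * Label character and length rules are out of scope here.
 */
static long label_len_from_write(const char *buf, size_t len)
{
	size_t n = len;

	/* strlen() + 1 writers: drop at most one trailing NUL first */
	if (n > 0 && buf[n - 1] == '\0')
		n--;
	/* echo-style writers: then drop at most one trailing newline */
	if (n > 0 && buf[n - 1] == '\n')
		n--;
	if (n == 0)
		return -1;
	/* what remains is the label; a leftover NUL or newline is garbage */
	if (memchr(buf, '\0', n) || memchr(buf, '\n', n))
		return -1;
	return (long)n;
}

int main(void)
{
	/* constructed sample writes with their explicit byte counts */
	static const struct { const char *buf; size_t len; } w[] = {
		{ "label", 5 }, { "label\0", 6 }, { "label\n", 6 },
		{ "label\n\0", 7 }, { "label\0\n", 7 }, { "label\n\n", 7 },
	};
	for (size_t i = 0; i < sizeof(w) / sizeof(w[0]); i++)
		printf("write #%zu (%zu bytes) -> %ld\n", i, w[i].len,
		       label_len_from_write(w[i].buf, w[i].len));
	return 0;
}
```

Stripping the NUL before the newline is what separates the accepted "label\n\0" from the rejected "label\0\n": in the latter the NUL is left inside the label and is caught by the final scan.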


