authorDavid Howells <dhowells@redhat.com>2009-04-29 08:45:05 -0400
committerJames Morris <jmorris@namei.org>2009-04-29 19:07:13 -0400
commit3bcac0263f0b45e67a64034ebcb69eb9abb742f4 (patch)
tree33f4db08edaa12e1c20df348e2fa28c7c2198ebe /security
parent88c48db9788862d0290831d081bc3c64e13b592f (diff)
SELinux: Don't flush inherited SIGKILL during execve()
Don't flush inherited SIGKILL during execve() in SELinux's post cred commit hook. This isn't really a security problem: if the SIGKILL came before the credentials were changed, then we were right to receive it at the time, and should honour it; if it came after the creds were changed, then we definitely should honour it; and in any case, all that will happen is that the process will be scrapped before it ever returns to userspace. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c9
1 files changed, 5 insertions, 4 deletions
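diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index dd19ba81201..5a345115036 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2394,11 +2394,12 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
 memset(&itimer, 0, sizeof itimer);
 for (i = 0; i < 3; i++)
 do_setitimer(i, &itimer, NULL);
-flush_signals(current);
 spin_lock_irq(&current->sighand->siglock);
-flush_signal_handlers(current, 1);
-sigemptyset(&current->blocked);
-recalc_sigpending();
+if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
+__flush_signals(current);
+flush_signal_handlers(current, 1);
+sigemptyset(&current->blocked);
+}
 spin_unlock_irq(&current->sighand->siglock);
 }
 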
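Review bot: The new `if (!(current->signal->flags & SIGNAL_GROUP_EXIT))` guard has no comment, so the reason for skipping the whole signal-state reset (pending signals, handlers and the blocked mask) is recorded only in the commit message. This path resets inherited signal state after the credentials are committed, so anyone auditing it will want the exemption justified in place, e.g. `/* Group exit already in progress: keep the pending fatal signal; the task never returns to userspace. */`. The hunk also drops `recalc_sigpending()` without the description mentioning it; presumably `__flush_signals()` leaves the pending flag consistent under the already-held siglock, but that should be confirmed and stated. The body of selinux_bprm_committed_creds starts outside this hunk.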