diff options
| author | Oleg Nesterov <oleg@tv-sign.ru> | 2008-04-30 03:52:42 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-30 11:29:34 -0400 |
| commit | 3b5e9e53c6f31b5a5a0f5c43707503c62bdefa46 (patch) | |
| tree | 1244b7cf2755c06a8a793149ce4717e4a1311218 /security | |
| parent | 9e3bd6c3fb2334be171e69b432039cd18bce4458 (diff) | |
signals: cleanup security_task_kill() usage/implementation
Every implementation of ->task_kill() does nothing when the signal comes from
the kernel. This is correct, but means that check_kill_permission() should
call security_task_kill() only for SI_FROMUSER() case, and we can remove the
same check from ->task_kill() implementations.
(sadly, check_kill_permission() is the last user of signal->session/__session
but we can't s/task_session_nr/task_session/ here).
NOTE: Eric W. Biederman pointed out cap_task_kill() should die, and I think
he is very right.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: David Quigley <dpquigl@tycho.nsa.gov>
Cc: Eric Paris <eparis@redhat.com>
Cc: Harald Welte <laforge@gnumonks.org>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 3 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 9 |
2 files changed, 0 insertions, 12 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 85a220465a8f..1b50a6ebc55f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3286,9 +3286,6 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | |||
| 3286 | if (rc) | 3286 | if (rc) |
| 3287 | return rc; | 3287 | return rc; |
| 3288 | 3288 | ||
| 3289 | if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info))) | ||
| 3290 | return 0; | ||
| 3291 | |||
| 3292 | if (!sig) | 3289 | if (!sig) |
| 3293 | perm = PROCESS__SIGNULL; /* null signal; existence test */ | 3290 | perm = PROCESS__SIGNULL; /* null signal; existence test */ |
| 3294 | else | 3291 | else |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index fe0ae1bf1650..b5c8f9237008 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1131,15 +1131,6 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, | |||
| 1131 | int sig, u32 secid) | 1131 | int sig, u32 secid) |
| 1132 | { | 1132 | { |
| 1133 | /* | 1133 | /* |
| 1134 | * Special cases where signals really ought to go through | ||
| 1135 | * in spite of policy. Stephen Smalley suggests it may | ||
| 1136 | * make sense to change the caller so that it doesn't | ||
| 1137 | * bother with the LSM hook in these cases. | ||
| 1138 | */ | ||
| 1139 | if (info != SEND_SIG_NOINFO && | ||
| 1140 | (is_si_special(info) || SI_FROMKERNEL(info))) | ||
| 1141 | return 0; | ||
| 1142 | /* | ||
| 1143 | * Sending a signal requires that the sender | 1134 | * Sending a signal requires that the sender |
| 1144 | * can write the receiver. | 1135 | * can write the receiver. |
| 1145 | */ | 1136 | */ |