author | Ingo Molnar <mingo@elte.hu> | 2008-12-16 14:57:41 -0500 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2008-12-16 14:57:41 -0500 |
commit | dd7a5230cd651bfb119d222561c4032f30dd5659 (patch) | |
tree | 85628ef75d1f512f43df6f760980b6cce6cf40c7 /security | |
parent | 050dc6944b9ca2186f4729ab44e0da3743933941 (diff) | |
parent | 8b1fae4e4200388b64dd88065639413cb3f1051c (diff) |
Merge commit 'v2.6.28-rc8' into x86/cpufeature
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 6 | ||||
-rw-r--r-- | security/keys/internal.h | 1 | ||||
-rw-r--r-- | security/keys/process_keys.c | 2 | ||||
-rw-r--r-- | security/keys/request_key.c | 4 | ||||
-rw-r--r-- | security/selinux/hooks.c | 8 |
5 files changed, 14 insertions, 7 deletions
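--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -279,10 +279,10 @@ static int get_file_caps(struct linux_binprm *bprm)
 struct vfs_cap_data vcaps;
 struct inode *inode;
 
-if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) {
-bprm_clear_caps(bprm);
+bprm_clear_caps(bprm);
+
+if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
 return 0;
-}
 
 dentry = dget(bprm->file->f_dentry);
 inode = dentry->d_inode;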
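Review bot: The now-unconditional `bprm_clear_caps(bprm);` at the top of get_file_caps() has no comment saying why it must run before every exit path, so a later cleanup could fold it back into the `MNT_NOSUID` branch. From the visible lines, every return after this point now starts from whatever state bprm_clear_caps() leaves, presumably empty capability sets, instead of whatever bprm carried in. The rest of the function is outside the hunk, so the other return paths cannot be checked here. I would add `/* always start from cleared caps: no return path below may leave stale capability bits in bprm */` above the call.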
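--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -107,6 +107,7 @@ extern key_ref_t search_process_keyrings(struct key_type *type,
 
 extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
 
+extern int install_user_keyrings(struct task_struct *tsk);
 extern int install_thread_keyring(struct task_struct *tsk);
 extern int install_process_keyring(struct task_struct *tsk);
 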
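--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -40,7 +40,7 @@ struct key_user root_key_user = {
 /*
 * install user and user session keyrings for a particular UID
 */
-static int install_user_keyrings(struct task_struct *tsk)
+int install_user_keyrings(struct task_struct *tsk)
 {
 struct user_struct *user = tsk->user;
 struct key *uid_keyring, *session_keyring;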
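--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -74,6 +74,10 @@ static int call_sbin_request_key(struct key_construction *cons,
 
 kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
 
+ret = install_user_keyrings(tsk);
+if (ret < 0)
+goto error_alloc;
+
 /* allocate a new session keyring */
 sprintf(desc, "_req.%u", key->serial);
 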
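Review bot: The new early exit `goto error_alloc;` runs before the session keyring is allocated, and the `error_alloc` label is outside this hunk, so it is worth confirming that the label does not release or dereference a keyring pointer that has not been set yet. The call also has no comment on why the user keyrings must exist at this point; presumably the upcall set-up later in call_sbin_request_key() refers to them. A line such as `/* the user and user-session keyrings must exist before the upcall is set up */` above the call would record that.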
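--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2126,14 +2126,16 @@ static inline void flush_unauthorized_files(struct files_struct *files)
 tty = get_current_tty();
 if (tty) {
 file_list_lock();
-file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
-if (file) {
+if (!list_empty(&tty->tty_files)) {
+struct inode *inode;
+
 /* Revalidate access to controlling tty.
 Use inode_has_perm on the tty inode directly rather
 than using file_has_perm, as this particular open
 file may belong to another process and we are only
 interested in the inode-based check here. */
-struct inode *inode = file->f_path.dentry->d_inode;
+file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+inode = file->f_path.dentry->d_inode;
 if (inode_has_perm(current, inode,
 FILE__READ | FILE__WRITE, NULL)) {
 drop_tty = 1;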
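Review bot: The `list_empty()` test and the `list_first_entry()` call depend on each other, and nothing in the new code says so. On an empty list `list_first_entry()` returns a pointer computed from the list head rather than a real `struct file`, and that pointer is never NULL, so the removed `if (file)` test could not catch it. Both sit inside `file_list_lock()` here and need to stay together under it. A short comment on the `if`, for example `/* list_first_entry() is only valid on a non-empty list; check under file_list_lock */`, would keep a later edit from separating them. The function continues past the end of the hunk, so the unlock path is not visible.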