github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-26 16:12:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

lsm: hold cred_guard_mutex for lsm_set_self_attr()

Browse Source 
Just as proc_pid_attr_write() already does before calling the LSM
hook. This only matters for SELinux and AppArmor which check
whether the process is being ptraced and if so, whether to
allow the transition.

Cc: stable@vger.kernel.org
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Stephen Smalley 2026-05-13 14:05:06 -04:00 committed by Paul Moore
parent 254f49634e
commit 4a9b16541a
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
security/lsm_syscalls.c
View File

@ -57,7 +57,14 @@ u64 lsm_name_to_attr(const char *name)
SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *,
ctx, u32, size, u32, flags)
{
return security_setselfattr(attr, ctx, size, flags);
int rc;
rc = mutex_lock_interruptible(&current->signal->cred_guard_mutex);
if (rc < 0)
return rc;
rc = security_setselfattr(attr, ctx, size, flags);
mutex_unlock(&current->signal->cred_guard_mutex);
return rc;
}
/**