linux/security
Tetsuo Handa d5748309bb TOMOYO: Fix mount flags checking order.
commit df91e49477 upstream.

Userspace can pass in arbitrary combinations of MS_* flags to mount().

If both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are
passed, the device name which should be checked for MS_BIND was not checked
because MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than
MS_BIND.

If both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, the device name which
should not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had
higher priority than MS_REMOUNT.

Fix these bugs by changing the priority to MS_REMOUNT -> MS_BIND ->
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -> MS_MOVE, as do_mount() does.

Also, unconditionally return -EINVAL if more than one of
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not
generate inaccurate audit logs, for commit 7a2e8a8f "VFS: Sanity check mount
flags passed to change_mnt_propagation()" clarified that these flags must be
exclusively passed.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-04-13 08:14:08 -07:00
apparmor fix apparmor dereferencing potentially freed dentry, sanitize __d_path() API 2011-12-21 12:57:36 -08:00
integrity/ima ima: fix invalid memory reference 2012-01-25 17:24:41 -08:00
keys KEYS: Fix a NULL pointer deref in the user-defined key type 2011-11-21 14:31:18 -08:00
selinux SELinux: Fix RCU deref check warning in sel_netport_insert() 2012-01-06 14:13:52 -08:00
smack Merge commit 'v2.6.39' into 20110526 2011-05-26 17:20:14 -04:00
tomoyo TOMOYO: Fix mount flags checking order. 2012-04-13 08:14:08 -07:00
capability.c SECURITY: Move exec_permission RCU checks into security modules 2011-04-25 10:20:32 -04:00
commoncap.c capabilities: do not special case exec of init 2011-04-04 10:31:06 +10:00
device_cgroup.c devcgroup_inode_permission: take "is it a device node" checks to inlined wrapper 2011-06-20 10:46:04 -04:00
inode.c convert get_sb_single() users 2010-10-29 04:16:28 -04:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on ARM. 2011-03-22 09:35:12 +11:00
lsm_audit.c LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH 2011-04-25 18:14:07 -04:00
Makefile AppArmor: Enable configuring and building of the AppArmor security module 2010-08-02 15:38:34 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c SECURITY: Move exec_permission RCU checks into security modules 2011-04-25 10:20:32 -04:00