user/sven/linux.git/security, branch v3.12.70

apparmor: do not expose kernel stack

2017-01-27T10:16:15Z

commit f4ee2def2d70692ccff0d55353df4ee594fd0017 upstream. Do not copy uninitalized fields th.td_hilen, th.td_data. Signed-off-by: Heinrich Schuchardt Signed-off-by: John Johansen Signed-off-by: Jiri Slaby

apparmor: fix module parameters can be changed after policy is locked

2017-01-27T10:16:15Z

commit 58acf9d911c8831156634a44d0b022d683e1e50c upstream. the policy_lock parameter is a one way switch that prevents policy from being further modified. Unfortunately some of the module parameters can effectively modify policy by turning off enforcement. split policy_admin_capable into a view check and a full admin check, and update the admin check to test the policy_lock parameter. Signed-off-by: John Johansen Signed-off-by: Jiri Slaby

apparmor: fix oops in profile_unpack() when policy_db is not present

2017-01-27T10:16:14Z

commit 5f20fdfed16bc599a325a145bf0123a8e1c9beea upstream. BugLink: http://bugs.launchpad.net/bugs/1592547 If unpack_dfa() returns NULL due to the dfa not being present, profile_unpack() is not checking if the dfa is not present (NULL). Signed-off-by: John Johansen Signed-off-by: Jiri Slaby

apparmor: don't check for vmalloc_addr if kvzalloc() failed

2017-01-27T10:16:13Z

commit 3197f5adf539a3ee6331f433a51483f8c842f890 upstream. Signed-off-by: John Johansen Signed-off-by: Jiri Slaby

apparmor: add missing id bounds check on dfa verification

2017-01-27T10:16:13Z

commit 15756178c6a65b261a080e21af4766f59cafc112 upstream. Signed-off-by: John Johansen Signed-off-by: Jiri Slaby

apparmor: fix refcount race when finding a child profile

2017-01-27T10:16:12Z

commit de7c4cc947f9f56f61520ee7edaf380434a98c8d upstream. When finding a child profile via an rcu critical section, the profile may be put and scheduled for deletion after the child is found but before its refcount is incremented. Protect against this by repeating the lookup if the profiles refcount is 0 and is one its way to deletion. Signed-off-by: John Johansen Acked-by: Seth Arnold Signed-off-by: Jiri Slaby

apparmor: check that xindex is in trans_table bounds

2017-01-27T10:16:11Z

commit 23ca7b640b4a55f8747301b6bd984dd05545f6a7 upstream. Signed-off-by: John Johansen Acked-by: Seth Arnold Signed-off-by: Jiri Slaby

apparmor: ensure the target profile name is always audited

2017-01-27T10:16:11Z

commit f7da2de01127b58d93cebeab165136d0998e7b1a upstream. The target profile name was not being correctly audited in a few cases because the target variable was not being set and gotos passed the code to set it at apply: Since it is always based on new_profile just drop the target var and conditionally report based on new_profile. Signed-off-by: John Johansen Acked-by: Seth Arnold Acked-by: Jeff Mahoney Signed-off-by: Jiri Slaby

apparmor: fix audit full profile hname on successful load

2017-01-27T10:16:10Z

commit 7ee6da25dcce27b6023a8673fdf8be98dcf7cacf upstream. Currently logging of a successful profile load only logs the basename of the profile. This can result in confusion when a child profile has the same name as the another profile in the set. Logging the hname will ensure there is no confusion. Signed-off-by: John Johansen Acked-by: Seth Arnold Signed-off-by: Jiri Slaby

apparmor: fix log failures for all profiles in a set

2017-01-27T10:16:10Z

commit bf15cf0c641be8e57d45f110a9d91464f5bb461a upstream. currently only the profile that is causing the failure is logged. This makes it more confusing than necessary about which profiles loaded and which didn't. So make sure to log success and failure messages for all profiles in the set being loaded. Signed-off-by: John Johansen Acked-by: Seth Arnold Signed-off-by: Jiri Slaby