selinux: fix empty write to keycreate file - user/sven/linux.git

diff options

author	Ondrej Mosnacek <omosnace@redhat.com>	2019-06-12 10:12:26 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-07-26 09:14:07 +0200
commit	914026d581007a67a911630a0a8afebdbe7d41d3 (patch)
tree	3861a4bb44904fc67f4e65cc138ed147fa8c5d36 /include/uapi/linux/ppdev.h
parent	10e3788e6575e370c63f3f6aa501b19c3b5aa9f6 (diff)

selinux: fix empty write to keycreate file

[ Upstream commit 464c258aa45b09f16aa0f05847ed8895873262d9 ] When sid == 0 (we are resetting keycreate_sid to the default value), we should skip the KEY__CREATE check. Before this patch, doing a zero-sized write to /proc/self/keycreate would check if the current task can create unlabeled keys (which would usually fail with -EACCESS and generate an AVC). Now it skips the check and correctly sets the task's keycreate_sid to 0. Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1719067 Tested using the reproducer from the report above. Fixes: 4eb582cf1fbd ("[PATCH] keys: add a way to store the appropriate context for newly-created keys") Reported-by: Kir Kolyshkin <kir@sacred.ru> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'include/uapi/linux/ppdev.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: