diff options
author | Jann Horn <jannh@google.com> | 2019-04-10 09:55:19 -0700 |
---|---|---|
committer | Micah Morton <mortonm@chromium.org> | 2019-07-15 08:05:37 -0700 |
commit | 7ef6b3062fb9f0b9dbaaec182495189459100807 (patch) | |
tree | 9db72d7aa7fb324f41d698951d8f572c4509168d /crypto/crc32c_generic.c | |
parent | c783d525f9e7e1fd6a5dc3379f3c1fb041495b76 (diff) | |
download | lwn-7ef6b3062fb9f0b9dbaaec182495189459100807.tar.gz lwn-7ef6b3062fb9f0b9dbaaec182495189459100807.zip |
LSM: SafeSetID: fix check for setresuid(new1, new2, new3)
With the old code, when a process with the (real,effective,saved) UID set
(1,1,1) calls setresuid(2,3,4), safesetid_task_fix_setuid() only checks
whether the transition 1->2 is permitted; the transitions 1->3 and 1->4 are
not checked. Fix this.
This is also a good opportunity to refactor safesetid_task_fix_setuid() to
be less verbose - having one branch per set*uid() syscall is unnecessary.
Note that this slightly changes semantics: The UID transition check for
UIDs that were not in the old cred struct is now always performed against
the policy of the RUID. I think that's more consistent anyway, since the
RUID is also the one that decides whether any policy is enforced at all.
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
Diffstat (limited to 'crypto/crc32c_generic.c')
0 files changed, 0 insertions, 0 deletions