summaryrefslogtreecommitdiff
path: root/crypto/crc32c_generic.c
diff options
context:
space:
mode:
authorJann Horn <jannh@google.com>2019-04-10 09:55:19 -0700
committerMicah Morton <mortonm@chromium.org>2019-07-15 08:05:37 -0700
commit7ef6b3062fb9f0b9dbaaec182495189459100807 (patch)
tree9db72d7aa7fb324f41d698951d8f572c4509168d /crypto/crc32c_generic.c
parentc783d525f9e7e1fd6a5dc3379f3c1fb041495b76 (diff)
downloadlwn-7ef6b3062fb9f0b9dbaaec182495189459100807.tar.gz
lwn-7ef6b3062fb9f0b9dbaaec182495189459100807.zip
LSM: SafeSetID: fix check for setresuid(new1, new2, new3)
With the old code, when a process with the (real,effective,saved) UID set (1,1,1) calls setresuid(2,3,4), safesetid_task_fix_setuid() only checks whether the transition 1->2 is permitted; the transitions 1->3 and 1->4 are not checked. Fix this. This is also a good opportunity to refactor safesetid_task_fix_setuid() to be less verbose - having one branch per set*uid() syscall is unnecessary. Note that this slightly changes semantics: The UID transition check for UIDs that were not in the old cred struct is now always performed against the policy of the RUID. I think that's more consistent anyway, since the RUID is also the one that decides whether any policy is enforced at all. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Micah Morton <mortonm@chromium.org>
Diffstat (limited to 'crypto/crc32c_generic.c')
0 files changed, 0 insertions, 0 deletions