a task lock held)
violated this rule.
Also add a might_sleep() assertion to begin_current_label_crit_section(),
because asserts are less likely to be ignored than comments.
Signed-off-by: Jann Horn
---
I have tested that just the might_sleep() yells a lot, and adding the
rest of the patch stops
("apparmor: move ptrace checks to using labels")
Reported-by: Cyrill Gorcunov
Reported-by: kernel test robot
Signed-off-by: Jann Horn
---
security/apparmor/lsm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/l
age are also entirely unrelated.
> url:
> https://github.com/0day-ci/linux/commits/Jann-Horn/apparmor-don-t-try-to-replace-stale-label-in-ptraceme-check/20180929-101346
> base:
> https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> next
> confi
Hi!
I'm subscribed to apparmor@lists.ubuntu.com, and I noticed that I got
bug mail for https://bugs.launchpad.net/bugs/1800789 via this list
when the bug was still marked as a security bug.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubunt
On Thu, Oct 6, 2022 at 11:05 AM Christian Brauner wrote:
> On Thu, Oct 06, 2022 at 01:27:34AM -0700, Kees Cook wrote:
> > The check_unsafe_exec() counting of n_fs would not add up under a heavily
> > threaded process trying to perform a suid exec, causing the suid portion
> > to fail. This countin
On Thu, Oct 6, 2022 at 5:25 PM Kees Cook wrote:
> On October 6, 2022 7:13:37 AM PDT, Jann Horn wrote:
> >On Thu, Oct 6, 2022 at 11:05 AM Christian Brauner wrote:
> >> On Thu, Oct 06, 2022 at 01:27:34AM -0700, Kees Cook wrote:
> >> > The check_unsafe_exec() cou
On Fri, Oct 14, 2022 at 5:18 AM Andy Lutomirski wrote:
> On Thu, Oct 6, 2022, at 7:13 AM, Jann Horn wrote:
> > On Thu, Oct 6, 2022 at 11:05 AM Christian Brauner
> > wrote:
> >> On Thu, Oct 06, 2022 at 01:27:34AM -0700, Kees Cook wrote:
> >> > The check_unsa
On Tue, Oct 18, 2022 at 9:09 AM Kees Cook wrote:
> On Fri, Oct 14, 2022 at 05:35:26PM +0200, Jann Horn wrote:
> > On Fri, Oct 14, 2022 at 5:18 AM Andy Lutomirski wrote:
> > > On Thu, Oct 6, 2022, at 7:13 AM, Jann Horn wrote:
> > > > On Thu, Oct 6, 2022
On Wed, Jan 24, 2024 at 8:22 PM Kees Cook wrote:
> After commit 978ffcbf00d8 ("execve: open the executable file before
> doing anything else"), current->in_execve was no longer in sync with the
> open(). This broke AppArmor and TOMOYO which depend on this flag to
> distinguish "open" operations fr
On Wed, Jan 24, 2024 at 9:47 PM Linus Torvalds
wrote:
>
> On Wed, 24 Jan 2024 at 12:15, Kees Cook wrote:
> >
> > Hmpf, and frustratingly Ubuntu (and Debian) still builds with
> > CONFIG_USELIB, even though it was reported[2] to them almost 4 years ago.
>
> Well, we could just remove the __FMODE_E
On Wed, Jan 24, 2024 at 10:32 PM Kees Cook wrote:
>
> On Wed, Jan 24, 2024 at 12:47:34PM -0800, Linus Torvalds wrote:
> > On Wed, 24 Jan 2024 at 12:15, Kees Cook wrote:
> > >
> > > Hmpf, and frustratingly Ubuntu (and Debian) still builds with
> > > CONFIG_USELIB, even though it was reported[2] to
On Thu, Jan 25, 2024 at 3:35 PM Tetsuo Handa
wrote:
>
> On 2024/01/25 6:50, Kees Cook wrote:
> > Yeah, I was just noticing this. I was over thinking. :) It does look
> > like all that is needed is to remove __FMODE_EXEC.
>
> I worry that some out-of-tree kernel code continues using __FMODE_EXEC fo
h the side effects of
receiving signals (since it'll probably get SIGCHLD when the child dies),
so that probably isn't an issue.
Signed-off-by: Jann Horn
---
This is a quickly hacked up demo of the approach I proposed at
<https://lore.kernel.org/all/CAG48ez2bnvuX8i-D=5dxmfzeoktwa
On Fri, Aug 2, 2024 at 8:09 PM Jarkko Sakkinen wrote:
> On Fri Aug 2, 2024 at 4:10 PM EEST, Jann Horn wrote:
> > cred_alloc_blank and cred_transfer were only necessary so that keyctl can
> > allocate creds in the child and then asynchronously have the parent fill
> > t
h
about the keys subsystem to know if that would maybe break stuff
that relies on override_creds() also overriding the keyrings, or
something like that.
Signed-off-by: Jann Horn
---
Changes in v2:
- use interruptible wait instead of killable
- split into two patches (Jarkko)
- Link to
ely anyway has to be ready to deal with the side effects of
receiving signals (since it'll probably get SIGCHLD when the child dies),
so that probably isn't an issue.
Signed-off-by: Jann Horn
---
security/keys/internal.h | 8
security/keys/
Now that they're unused thanks to the preceding commit, remove
cred_alloc_blank(), security_transfer_creds(), and the corresponding LSM
hook implementations.
Signed-off-by: Jann Horn
---
include/linux/cred.h | 1 -
include/linux/lsm_hook_defs.h | 3 ---
include/linux/secur
On Thu, Aug 15, 2024 at 9:46 PM David Howells wrote:
> Jann Horn wrote:
>
> > Rewrite keyctl_session_to_parent() to run task work on the parent
> > synchronously, so that any errors that happen in the task work can be
> > plumbed back into the syscall return value in
On Tue, Sep 10, 2024 at 11:07 PM Paul Moore wrote:
> On Aug 5, 2024 Jann Horn wrote:
> > - cred->session_keyring = key_ref_to_ptr(keyring_r);
> > - keyring_r = NULL;
> > - init_task_work(newwork, key_change_session_keyring);
> > + /* the parent mu
On Mon, Sep 16, 2024 at 12:46 PM Paul Moore wrote:
> On Tue, Sep 10, 2024 at 4:49 PM Paul Moore wrote:
> > On Thu, Aug 15, 2024 at 4:00 PM Jann Horn wrote:
> > > On Thu, Aug 15, 2024 at 9:46 PM David Howells wrote:
> > > > Jann Horn wrote:
> > > >
On Tue, May 13, 2025 at 10:57 PM Kees Cook wrote:
> On May 13, 2025 6:05:45 AM PDT, Mateusz Guzik wrote:
> >Here is my proposal: *deny* exec of suid/sgid binaries if fs_struct is
> >shared. This will have to be checked for after the execing proc becomes
> >single-threaded ofc.
>
> Unfortunately t
21 matches
Mail list logo
