mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-25 10:59:05 +00:00
8b964eae20
If the xindex value stored in the accept tables is 0, the extraction of that value will result in an underflow (0 - 4). In properly compiled policy this should not happen for file rules but it may be possible for other rule types in the future. To exploit this underflow a user would have to be able to load a corrupt policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel memory or know of a compiler error resulting in the flaw being present for loaded policy (no such flaw is known at this time). Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> |
||
---|---|---|
.. | ||
apparmor.h | ||
apparmorfs.h | ||
audit.h | ||
capability.h | ||
context.h | ||
domain.h | ||
file.h | ||
ipc.h | ||
match.h | ||
path.h | ||
policy_unpack.h | ||
policy.h | ||
procattr.h | ||
resource.h | ||
sid.h |