linux/security/apparmor/include
John Johansen 8b964eae20 AppArmor: Fix underflow in xindex calculation
If the xindex value stored in the accept tables is 0, the extraction of
that value will result in an underflow (0 - 4).

In properly compiled policy this should not happen for file rules but
it may be possible for other rule types in the future.

To exploit this underflow a user would have to be able to load a corrupt
policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel
memory or know of a compiler error resulting in the flaw being present
for loaded policy (no such flaw is known at this time).

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
2012-02-27 11:38:21 -08:00
..
apparmor.h module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
apparmorfs.h AppArmor: add "file" details to securityfs 2012-02-27 11:38:18 -08:00
audit.h AppArmor: Fix dropping of allowed operations that are force audited 2012-02-27 11:38:21 -08:00
capability.h
context.h
domain.h
file.h AppArmor: Fix underflow in xindex calculation 2012-02-27 11:38:21 -08:00
ipc.h
match.h Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
path.h
policy_unpack.h
policy.h
procattr.h
resource.h AppArmor: export known rlimit names/value mappings in securityfs 2012-02-27 11:38:19 -08:00
sid.h