joel16/android_kernel_sony_msm8994_rework
1
0
Fork 0
mirror of https://github.com/joel16/android_kernel_sony_msm8994_rework.git synced 2024-11-23 20:09:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
186947a654
android_kernel_sony_msm8994.../security/selinux
History
Stephen Smalley 37984c032e
BACKPORT: UPSTREAM: selinux: fix off-by-one in setprocattr 
SELinux tries to support setting/clearing of /proc/pid/attr attributes
from the shell by ignoring terminating newlines and treating an
attribute value that begins with a NUL or newline as an attempt to
clear the attribute.  However, the test for clearing attributes has
always been wrong; it has an off-by-one error, and this could further
lead to reading past the end of the allocated buffer since commit
bb646cdb12e75d82258c2f2e7746d5952d3e321a ("proc_pid_attr_write():
switch to memdup_user()").  Fix the off-by-one error.

Even with this fix, setting and clearing /proc/pid/attr attributes
from the shell is not straightforward since the interface does not
support multiple write() calls (so shells that write the value and
newline separately will set and then immediately clear the attribute,
requiring use of echo -n to set the attribute), whereas trying to use
echo -n "" to clear the attribute causes the shell to skip the
write() call altogether since POSIX says that a zero-length write
causes no side effects. Thus, one must use echo -n to set and echo
without -n to clear, as in the following example:
$ echo -n unconfined_u:object_r:user_home_t:s0 > /proc/$$/attr/fscreate
$ cat /proc/$$/attr/fscreate
unconfined_u:object_r:user_home_t:s0
$ echo "" > /proc/$$/attr/fscreate
$ cat /proc/$$/attr/fscreate

Note the use of /proc/$$ rather than /proc/self, as otherwise
the cat command will read its own attribute value, not that of the shell.

There are no users of this facility to my knowledge; possibly we
should just get rid of it.

UPDATE: Upon further investigation it appears that a local process
with the process:setfscreate permission can cause a kernel panic as a
result of this bug.  This patch fixes CVE-2017-2618.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: added the update about CVE-2017-2618 to the commit description]
Cc: stable@vger.kernel.org # 3.5: d6ea83ec68
Signed-off-by: Paul Moore <paul@paul-moore.com>

Signed-off-by: James Morris <james.l.morris@oracle.com>
Bug: 35136920
Upstream commit: 0c461cb727d146c9ef2d3e86214f498b78b7d125

Change-Id: I41ba111bd79f6f60306316eb6de0425b1b7d8d19
2017-09-02 18:04:09 +02:00
..
include selinux: extended permissions for ioctls 2016-04-19 04:29:11 -07:00
ss UPSTREAM: selinux: fix bug in conditional rules handling 2016-04-25 02:11:07 -07:00
.gitignore
avc.c selinux: extended permissions for ioctls 2016-04-19 04:29:11 -07:00
exports.c
hooks.c BACKPORT: UPSTREAM: selinux: fix off-by-one in setprocattr 2017-09-02 18:04:09 +02:00
Kconfig
Makefile
netif.c selinux: make the netif cache namespace aware 2015-08-12 18:30:03 -07:00
netlabel.c platform: msm: fix PFT for 64-bit 2014-07-06 13:51:12 +03:00
netlink.c platform: msm: fix PFT for 64-bit 2014-07-06 13:51:12 +03:00
netnode.c selinux: reduce the number of calls to synchronize_net() when flushing caches 2015-01-28 11:24:46 +05:30
netport.c selinux: reduce the number of calls to synchronize_net() when flushing caches 2015-01-28 11:24:46 +05:30
nlmsgtab.c selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables 2016-05-10 13:15:50 +05:30
selinuxfs.c move d_rcu from overlapping d_child to overlapping d_alias 2015-04-29 10:34:00 +02:00
xfrm.c selinux: look for IPsec labels on both inbound and outbound packets 2014-01-09 12:24:24 -08:00