diff options
| author |   Paul Moore <paul@paul-moore.com> | 2021-09-29 11:01:21 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2021-11-22 17:52:47 -0500 |
| commit | 6326948f940dc3f77066d5cdc44ba6afe67830c0 (patch) | |
| tree | 13976c9bfaedfc1105ac27a1efaf9c752d3949ee /security/integrity/ima/ima_appraise.c | |
| parent | Linux 5.16-rc1 (diff) | |
| download | linux-dev-6326948f940dc3f77066d5cdc44ba6afe67830c0.tar.xz linux-dev-6326948f940dc3f77066d5cdc44ba6afe67830c0.zip | |
lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()
The security_task_getsecid_subj() LSM hook invites misuse by allowing
callers to specify a task even though the hook is only safe when the
current task is referenced. Fix this by removing the task_struct
argument to the hook, requiring LSM implementations to use the
current task. While we are changing the hook declaration we also
rename the function to security_current_getsecid_subj() in an effort
to reinforce that the hook captures the subjective credentials of the
current task and not an arbitrary task on the system.
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/integrity/ima/ima_appraise.c')
| -rw-r--r-- | security/integrity/ima/ima_appraise.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index dbba51583e7c..17232bbfb9f9 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -76,7 +76,7 @@ int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, if (!ima_appraise) return 0; - security_task_getsecid_subj(current, &secid); + security_current_getsecid_subj(&secid); return ima_match_policy(mnt_userns, inode, current_cred(), secid, func, mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, NULL); |