diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-07 11:11:41 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-07 11:11:41 -0700 |
| commit | 3612605a5a5bc3d3ae0ec861328be8a2990f2c7a (patch) | |
| tree | 6c387085155874bdf15ff9eec539c15801880734 /fs | |
| parent | 62f8e6c5dcb6666e7da402aea28fcf846eea144c (diff) | |
| parent | df0ce17331e2501dbffc060041dfc6c5f85227b5 (diff) | |
| download | linux-3612605a5a5bc3d3ae0ec861328be8a2990f2c7a.tar.bz2 | |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull general security layer updates from James Morris:
- Convert security hooks from list to hlist, a nice cleanup, saving
about 50% of space, from Sargun Dhillon.
- Only pass the cred, not the secid, to kill_pid_info_as_cred and
security_task_kill (as the secid can be determined from the cred),
from Stephen Smalley.
- Close a potential race in kernel_read_file(), by making the file
unwritable before calling the LSM check (vs after), from Kees Cook.
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
security: convert security hooks to use hlist
exec: Set file unwritable before LSM check
usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/exec.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/exec.c b/fs/exec.c index 7eb8d21bcab9..a919a827d181 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -895,13 +895,13 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) return -EINVAL; - ret = security_kernel_read_file(file, id); + ret = deny_write_access(file); if (ret) return ret; - ret = deny_write_access(file); + ret = security_kernel_read_file(file, id); if (ret) - return ret; + goto out; i_size = i_size_read(file_inode(file)); if (max_size > 0 && i_size > max_size) { |