diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-07 11:11:41 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-07 11:11:41 -0700 |
commit | 3612605a5a5bc3d3ae0ec861328be8a2990f2c7a (patch) | |
tree | 6c387085155874bdf15ff9eec539c15801880734 /kernel | |
parent | 62f8e6c5dcb6666e7da402aea28fcf846eea144c (diff) | |
parent | df0ce17331e2501dbffc060041dfc6c5f85227b5 (diff) | |
download | linux-3612605a5a5bc3d3ae0ec861328be8a2990f2c7a.tar.bz2 |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull general security layer updates from James Morris:
- Convert security hooks from list to hlist, a nice cleanup, saving
about 50% of space, from Sargun Dhillon.
- Only pass the cred, not the secid, to kill_pid_info_as_cred and
security_task_kill (as the secid can be determined from the cred),
from Stephen Smalley.
- Close a potential race in kernel_read_file(), by making the file
unwritable before calling the LSM check (vs after), from Kees Cook.
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
security: convert security hooks to use hlist
exec: Set file unwritable before LSM check
usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/signal.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/kernel/signal.c b/kernel/signal.c index 47491aa3e790..d4ccea599692 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -770,7 +770,7 @@ static int check_kill_permission(int sig, struct siginfo *info, } } - return security_task_kill(t, info, sig, 0); + return security_task_kill(t, info, sig, NULL); } /** @@ -1361,7 +1361,7 @@ static int kill_as_cred_perm(const struct cred *cred, /* like kill_pid_info(), but doesn't use uid/euid of "current" */ int kill_pid_info_as_cred(int sig, struct siginfo *info, struct pid *pid, - const struct cred *cred, u32 secid) + const struct cred *cred) { int ret = -EINVAL; struct task_struct *p; @@ -1380,7 +1380,7 @@ int kill_pid_info_as_cred(int sig, struct siginfo *info, struct pid *pid, ret = -EPERM; goto out_unlock; } - ret = security_task_kill(p, info, sig, secid); + ret = security_task_kill(p, info, sig, cred); if (ret) goto out_unlock; |