mirror of https://github.com/torvalds/linux.git
6326948f94
The security_task_getsecid_subj() LSM hook invites misuse by allowing callers to specify a task even though the hook is only safe when the current task is referenced. Fix this by removing the task_struct argument to the hook, requiring LSM implementations to use the current task. While we are changing the hook declaration we also rename the function to security_current_getsecid_subj() in an effort to reinforce that the hook captures the subjective credentials of the current task and not an arbitrary task on the system. Reviewed-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|---|---|---|
| .. | ||
| include | ||
| .gitignore | ||
| Kconfig | ||
| Makefile | ||
| apparmorfs.c | ||
| audit.c | ||
| capability.c | ||
| crypto.c | ||
| domain.c | ||
| file.c | ||
| ipc.c | ||
| label.c | ||
| lib.c | ||
| lsm.c | ||
| match.c | ||
| mount.c | ||
| net.c | ||
| nulldfa.in | ||
| path.c | ||
| policy.c | ||
| policy_ns.c | ||
| policy_unpack.c | ||
| policy_unpack_test.c | ||
| procattr.c | ||
| resource.c | ||
| secid.c | ||
| stacksplitdfa.in | ||
| task.c | ||