1
linux/security/selinux
Eric W. Biederman 98a27ba485 tty: introduce no_tty and use it in selinux
While researching the tty layer pid leaks I found a weird case in selinux when
we drop a controlling tty because of inadequate permissions we don't do the
normal hangup processing.  Which is a problem if it happens the session leader
has exec'd something that can no longer access the tty.

We already have code in the kernel to handle this case in the form of the
TIOCNOTTY ioctl.  So this patch factors out a helper function that is the
essence of that ioctl and calls it from the selinux code.

This removes the inconsistency in handling dropping of a controlling tty and
who knows it might even make some part of user space happy because it received
a SIGHUP it was expecting.

In addition since this removes the last user of proc_set_tty outside of
tty_io.c proc_set_tty is made static and removed from tty.h

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08 11:15:04 -07:00
..
include selinux: export initial SID contexts via selinuxfs 2007-04-26 01:36:00 -04:00
ss selinux: preserve boolean values across policy reloads 2007-04-26 01:36:13 -04:00
avc.c selinux: remove userland security class and permission definitions 2007-04-26 01:35:58 -04:00
exports.c [PATCH] selinux: rename selinux_ctxid_to_string 2006-09-26 08:48:52 -07:00
hooks.c tty: introduce no_tty and use it in selinux 2007-05-08 11:15:04 -07:00
Kconfig Still more typo fixes 2006-10-03 22:36:44 +02:00
Makefile SELinux: extract the NetLabel SELinux support from the security server 2007-04-26 01:35:48 -04:00
netif.c [PATCH] SELinux: convert to kzalloc 2005-10-30 17:37:11 -08:00
netlabel.c SELinux: extract the NetLabel SELinux support from the security server 2007-04-26 01:35:48 -04:00
netlink.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
nlmsgtab.c [IPv6] prefix: Convert RTM_NEWPREFIX notifications to use the new netlink api 2006-12-02 21:22:45 -08:00
selinuxfs.c selinux: change numbering of boolean directory inodes in selinuxfs 2007-04-26 01:36:11 -04:00
xfrm.c SELinux: peer secid consolidation for external network labeling 2006-12-02 21:24:14 -08:00