linux/security/apparmor
John Johansen 0421ea91dd apparmor: Fix change_onexec when called from a confined task
Fix failure in aa_change_onexec api when the request is made from a confined
task.  This failure was caused by two problems:

 The AA_MAY_ONEXEC perm was not being mapped correctly for this case.

 The executable name was being checked a second time instead of using the
 requested onexec profile name, which may not be the same as the exec
 profile name. This mistake can not be exploited to grant extra permission
 because of the above flaw where the ONEXEC permission was not being mapped
 so it will not be granted.

BugLink: http://bugs.launchpad.net/bugs/963756

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-03-28 01:00:05 +11:00
include AppArmor: add const qualifiers to string arrays 2012-03-14 19:09:13 -07:00
.gitignore .gitignore: ignore apparmor/rlim_names.h 2010-10-21 10:12:35 +11:00
apparmorfs.c AppArmor: export known rlimit names/value mappings in securityfs 2012-02-27 11:38:19 -08:00
audit.c AppArmor: add const qualifiers to string arrays 2012-03-14 19:09:13 -07:00
capability.c AppArmor: mediation of non file objects 2010-08-02 15:38:35 +10:00
context.c AppArmor: contexts used in attaching policy to system objects 2010-08-02 15:35:12 +10:00
domain.c apparmor: Fix change_onexec when called from a confined task 2012-03-28 01:00:05 +11:00
file.c apparmor: Fix change_onexec when called from a confined task 2012-03-28 01:00:05 +11:00
ipc.c apparmor: sparse fix: include ipc.h 2011-09-09 16:56:27 -07:00
Kconfig apparmor: depends on NET 2010-08-05 07:36:51 -04:00
lib.c apparmor: sparse fix: add apparmor.h to lib.c 2011-09-09 16:56:28 -07:00
lsm.c Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
Makefile AppArmor: Fix location of const qualifier on generated string tables 2012-03-19 18:22:46 -07:00
match.c AppArmor: Update dfa matching routines. 2012-03-14 06:15:24 -07:00
path.c AppArmor: Move path failure information into aa_get_name and rename 2012-03-14 06:15:25 -07:00
policy_unpack.c AppArmor: Add ability to load extended policy 2012-03-14 19:09:03 -07:00
policy.c AppArmor: add const qualifiers to string arrays 2012-03-14 19:09:13 -07:00
procattr.c apparmor: sparse fix: include procattr.h in procattr.c 2011-09-09 16:56:29 -07:00
resource.c AppArmor: export known rlimit names/value mappings in securityfs 2012-02-27 11:38:19 -08:00
sid.c AppArmor: core policy routines 2010-08-02 15:38:37 +10:00