]> git.ipfire.org Git - people/arne_f/kernel.git/commit
projects / people / arne_f / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 270e84a) | patch
ima: fix ima_d_path() possible race with rename
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 17 Jan 2017 11:45:41 +0000 (06:45 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 12 Mar 2017 05:41:44 +0000 (06:41 +0100)
commitd9cc31683a16f5619217d80c3d8e608c23c41afc
tree68115d5b3adbcaf99f291bc20efe5906ae44ed9etree | snapshot
parent270e84a1e6effd6c0c6e9b13b196b5fdaa392954commit | diff
ima: fix ima_d_path() possible race with rename

commit bc15ed663e7e53ee4dc3e60f8d09c93a0528c694 upstream.

On failure to return a pathname from ima_d_path(), a pointer to
dname is returned, which is subsequently used in the IMA measurement
list, the IMA audit records, and other audit logging.  Saving the
pointer to dname for later use has the potential to race with rename.

Intead of returning a pointer to dname on failure, this patch returns
a pointer to a copy of the filename.

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/integrity/ima/ima.h diff | blob | blame | history
security/integrity/ima/ima_api.c diff | blob | blame | history
security/integrity/ima/ima_main.c diff | blob | blame | history
Arne's tree of linux kernel.