GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-23 23:32:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

SELinux: Don't flush inherited SIGKILL during execve()

Browse source 
Don't flush inherited SIGKILL during execve() in SELinux's post cred commit
hook.  This isn't really a security problem: if the SIGKILL came before the
credentials were changed, then we were right to receive it at the time, and
should honour it; if it came after the creds were changed, then we definitely
should honour it; and in any case, all that will happen is that the process
will be scrapped before it ever returns to userspace.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
David Howells 2009-04-29 13:45:05 +01:00 committed by James Morris
parent 88c48db978
commit 3bcac0263f
3 changed files with 14 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
security/selinux/hooks.c
View file

@ -2394,11 +2394,12 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
memset(&itimer, 0, sizeof itimer);
for (i = 0; i < 3; i++)
do_setitimer(i, &itimer, NULL);
flush_signals(current);
spin_lock_irq(&current->sighand->siglock);
flush_signal_handlers(current, 1);
sigemptyset(&current->blocked);
recalc_sigpending();
if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
__flush_signals(current);
flush_signal_handlers(current, 1);
sigemptyset(&current->blocked);
}
spin_unlock_irq(&current->sighand->siglock);
}