All of lore.kernel.org
 help / color / mirror / Atom feed
From: jmorris@namei.org (James Morris)
To: linux-security-module@vger.kernel.org
Subject: [PATCH] fix security_release_secctx seems broken
Date: Thu, 5 Oct 2017 09:10:58 +1100 (AEDT)	[thread overview]
Message-ID: <alpine.LRH.2.21.1710050910300.28944@namei.org> (raw)
In-Reply-To: <ff77bdc9-e642-113d-dbde-f4d0770fff00@yandex-team.ru>

On Wed, 4 Oct 2017, Konstantin Khlebnikov wrote:

> Just "getcap /bin/ping" is enough to tigger leak if file has capabilities.
> Selinux shouldn't be loaded because its release_secctx hook call kfree.

Ahh, makes sense.

> 
> But sometimes it takes some time for kmemleak to find leak. Presumably
> because stale poiner stays on stack which could be reused nowdays.

Thanks for finding this!


-- 
James Morris
<jmorris@namei.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

WARNING: multiple messages have this Message-ID (diff)
From: James Morris <jmorris@namei.org>
To: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	Serge Hallyn <serge@hallyn.com>,
	James Morris <james.l.morris@oracle.com>,
	LSM List <linux-security-module@vger.kernel.org>,
	Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [PATCH] fix security_release_secctx seems broken
Date: Thu, 5 Oct 2017 09:10:58 +1100 (AEDT)	[thread overview]
Message-ID: <alpine.LRH.2.21.1710050910300.28944@namei.org> (raw)
In-Reply-To: <ff77bdc9-e642-113d-dbde-f4d0770fff00@yandex-team.ru>

On Wed, 4 Oct 2017, Konstantin Khlebnikov wrote:

> Just "getcap /bin/ping" is enough to tigger leak if file has capabilities.
> Selinux shouldn't be loaded because its release_secctx hook call kfree.

Ahh, makes sense.

> 
> But sometimes it takes some time for kmemleak to find leak. Presumably
> because stale poiner stays on stack which could be reused nowdays.

Thanks for finding this!


-- 
James Morris
<jmorris@namei.org>

  reply	other threads:[~2017-10-04 22:10 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-16 18:18 [BUG] security_release_secctx seems broken Konstantin Khlebnikov
2017-09-16 18:18 ` Konstantin Khlebnikov
2017-09-18 20:25 ` Casey Schaufler
2017-09-18 20:25   ` Casey Schaufler
2017-09-19  2:21   ` Casey Schaufler
2017-09-19  2:21     ` Casey Schaufler
2017-09-19 16:39   ` [PATCH] fix " Casey Schaufler
2017-09-19 16:39     ` Casey Schaufler
2017-09-20 11:48     ` Konstantin Khlebnikov
2017-09-20 11:48       ` Konstantin Khlebnikov
2017-10-04  6:17     ` James Morris
2017-10-04  6:17       ` James Morris
2017-10-04  9:29       ` Konstantin Khlebnikov
2017-10-04  9:29         ` Konstantin Khlebnikov
2017-10-04 22:10         ` James Morris [this message]
2017-10-04 22:10           ` James Morris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LRH.2.21.1710050910300.28944@namei.org \
    --to=jmorris@namei.org \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.