Re: [PATCH 4.9 1/1] security,selinux,smack: kill security_task_wait hook

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Alexander Grund <theflamefire89@gmail.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Subject: Re: [PATCH 4.9 1/1] security,selinux,smack: kill security_task_wait hook
Date: Sat, 23 Jul 2022 10:37:10 +0200	[thread overview]
Message-ID: <f5b1e4e6-28bb-9c92-8939-e49db8cba0dd@gmail.com> (raw)
In-Reply-To: <20220711095608.4723-2-theflamefire89@gmail.com>

Hi Greg,

after the previous discussion about what kind of patches are acceptable for stable
and your hints on how to send them to the ML in https://lore.kernel.org/all/YsrfDfe3urGkepvJ@kroah.com/
I'd like to know if this patch meets the requirements and if it can be considered.

I do have a few more similar ones which I think meet the stable requirements
and finally the init-cleanup patch
(upstream 3dfc9b02864bt "LSM: Initialize security_hook_heads upon registration.")
which I'd like to backport to 4.9. But first I want to know whether I now got
the formal requirements right before sending further patches.

Thanks,
Alex

On 11.07.22 11:56, Alexander Grund wrote:
> From: Stephen Smalley <sds@tycho.nsa.gov>
> 
> commit 3a2f5a59a695a73e0cde9a61e0feae5fa730e936 upstream.
> 
> As reported by yangshukui, a permission denial from security_task_wait()
> can lead to a soft lockup in zap_pid_ns_processes() since it only expects
> sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
> in general lead to zombies; in the absence of some way to automatically
> reparent a child process upon a denial, the hook is not useful.  Remove
> the security hook and its implementations in SELinux and Smack.  Smack
> already removed its check from its hook.
> 
> <snip>

next prev parent reply	other threads:[~2022-07-23  8:37 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-11  9:56 [PATCH 4.9 0/1] security,selinux,smack: kill security_task_wait hook Alexander Grund
2022-07-11  9:56 ` [PATCH 4.9 1/1] " Alexander Grund
2022-07-23  8:37   ` Alexander Grund [this message]
2022-07-23 14:47     ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f5b1e4e6-28bb-9c92-8939-e49db8cba0dd@gmail.com \
    --to=theflamefire89@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.