On Fri, Mar 09, 2018 at 03:39:13PM +0100, Petr Lautrbach wrote:
> On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote:
> > On 03/09/2018 07:25 AM, Petr Lautrbach wrote:
> > > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote:
> > >> On Thu, Mar 8, 2018 at 8:34 PM, Stephen
On 3/9/2018 3:29 AM, Tetsuo Handa wrote:
> Casey Schaufler wrote:
>> 1/8: Add the smack subdirectory to /proc/.../attr
>> 2/8: Move management of cred security blobs to the LSM infrastructure
>> 3/8: Move management of file security blobs to the LSM infrastructure
>> 4/8: Move management of task
On 03/09/2018 10:39 AM, Vit Mojzis wrote:
> access() uses real UID instead of effective UID which causes false
> negative checks in setuid programs.
> Replace access() calls (mostly tests for file existence) by stat().
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431
Thanks, I've
access() uses real UID instead of effective UID which causes false
negative checks in setuid programs.
Replace access() calls (mostly tests for file existence) by stat().
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431
Signed-off-by: Vit Mojzis
---
On 03/09/2018 10:21 AM, Vit Mojzis wrote:
> access() uses real UID instead of effective UID which causes false
> negative checks in setuid programs.
> Replace access() calls (mostly tests for file existence) by stat().
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431
>
>
access() uses real UID instead of effective UID which causes false
negative checks in setuid programs.
Replace access() calls (mostly tests for file existence) by stat().
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431
Signed-off-by: Vit Mojzis
---
On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote:
> On 03/09/2018 07:25 AM, Petr Lautrbach wrote:
> > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote:
> >> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote:
> >>> On 03/06/2018 04:19 PM, Stephen
On 03/09/2018 07:25 AM, Petr Lautrbach wrote:
> On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote:
>> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote:
>>> On 03/06/2018 04:19 PM, Stephen Smalley wrote:
On 03/05/2018 05:16 PM, Nicolas Iooss wrote:
>
On 03/09/2018 08:28 AM, Stephen Smalley wrote:
> On 03/09/2018 08:14 AM, Vit Mojzis wrote:
>>
>>
>> On 7.3.2018 15:59, Stephen Smalley wrote:
>>> On 03/06/2018 06:58 AM, Vit Mojzis wrote:
access() uses real UID instead of effective UID which causes false
negative checks in setuid
On 03/09/2018 08:14 AM, Vit Mojzis wrote:
>
>
> On 7.3.2018 15:59, Stephen Smalley wrote:
>> On 03/06/2018 06:58 AM, Vit Mojzis wrote:
>>> access() uses real UID instead of effective UID which causes false
>>> negative checks in setuid programs.
>>> Replace access(,F_OK) (i.e. tests for file
On 7.3.2018 15:59, Stephen Smalley wrote:
On 03/06/2018 06:58 AM, Vit Mojzis wrote:
access() uses real UID instead of effective UID which causes false
negative checks in setuid programs.
Replace access(,F_OK) (i.e. tests for file existence) by stat().
And access(,R_OK) by fopen(,"r")
Fixes:
Casey Schaufler wrote:
> 1/8: Add the smack subdirectory to /proc/.../attr
> 2/8: Move management of cred security blobs to the LSM infrastructure
> 3/8: Move management of file security blobs to the LSM infrastructure
> 4/8: Move management of task security blobs to the LSM infrastructure
> 5/8:
On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote:
> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote:
> > On 03/06/2018 04:19 PM, Stephen Smalley wrote:
> >> On 03/05/2018 05:16 PM, Nicolas Iooss wrote:
> >>> libselinux and libsemanage Makefiles invoke
13 matches
Mail list logo