On 1/2/2018 5:20 PM, Matthew Garrett wrote: > Right now most of the IMA code is using current->creds, but the LSM > checks are using security_task_getsecid() which ends up looking at > real_creds. Switch to using security_cred_getsecid() in order to make > this consistent. > > Signed-off-by: Matthew Garrett <[email protected]> > Cc: Paul Moore <[email protected]> > Cc: Stephen Smalley <[email protected]> > Cc: Eric Paris <[email protected]> > Cc: [email protected] > Cc: Casey Schaufler <[email protected]> > Cc: [email protected] > Cc: Mimi Zohar <[email protected]> > Cc: Dmitry Kasatkin <[email protected]> > Cc: [email protected] > --- > security/integrity/ima/ima_policy.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/security/integrity/ima/ima_policy.c > b/security/integrity/ima/ima_policy.c > index ee4613fa5840..52951ac445ea 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -249,7 +249,6 @@ static void ima_lsm_update_rules(void) > static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, > enum ima_hooks func, int mask) > { > - struct task_struct *tsk = current; > const struct cred *cred = current_cred(); > int i; > > @@ -305,7 +304,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, > struct inode *inode, > case LSM_SUBJ_USER: > case LSM_SUBJ_ROLE: > case LSM_SUBJ_TYPE: > - security_task_getsecid(tsk, &sid); > + security_cred_getsecid(cred, &sid); > rc = security_filter_rule_match(sid,
security_filter_rule_match() is security_audit_rule_match() in sheep's clothing. Using the cred secid in this case, where the task secid is used elsewhere is going to lead to tears. It's going to make *me* cry as I work on untangling secids for stacking/namespaces. I can't predict how else it's going to bite us, but I'm betting on it. > rule->lsm[i].type, > Audit_equal,
