diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2017-01-10 12:28:32 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-01-12 11:10:57 -0500 |
commit | 3a2f5a59a695a73e0cde9a61e0feae5fa730e936 (patch) | |
tree | 058704d18e909a2c0b46356c74d3c1156c2206aa /security/security.c | |
parent | b4ba35c75a0671a06b978b6386b54148efddf39f (diff) | |
download | op-kernel-dev-3a2f5a59a695a73e0cde9a61e0feae5fa730e936.zip op-kernel-dev-3a2f5a59a695a73e0cde9a61e0feae5fa730e936.tar.gz |
security,selinux,smack: kill security_task_wait hook
As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful. Remove
the security hook and its implementations in SELinux and Smack. Smack
already removed its check from its hook.
Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/security/security.c b/security/security.c index 32052f5..8c9fee5 100644 --- a/security/security.c +++ b/security/security.c @@ -1025,11 +1025,6 @@ int security_task_kill(struct task_struct *p, struct siginfo *info, return call_int_hook(task_kill, 0, p, info, sig, secid); } -int security_task_wait(struct task_struct *p) -{ - return call_int_hook(task_wait, 0, p); -} - int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) { @@ -1769,7 +1764,6 @@ struct security_hook_heads security_hook_heads = { .task_movememory = LIST_HEAD_INIT(security_hook_heads.task_movememory), .task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill), - .task_wait = LIST_HEAD_INIT(security_hook_heads.task_wait), .task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl), .task_to_inode = LIST_HEAD_INIT(security_hook_heads.task_to_inode), |