From 98a27ba485c7508ef9d9527fe06e4686f3a163dc Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 8 May 2007 00:26:56 -0700 Subject: tty: introduce no_tty and use it in selinux While researching the tty layer pid leaks I found a weird case in selinux when we drop a controlling tty because of inadequate permissions we don't do the normal hangup processing. Which is a problem if it happens the session leader has exec'd something that can no longer access the tty. We already have code in the kernel to handle this case in the form of the TIOCNOTTY ioctl. So this patch factors out a helper function that is the essence of that ioctl and calls it from the selinux code. This removes the inconsistency in handling dropping of a controlling tty and who knows it might even make some part of user space happy because it received a SIGHUP it was expecting. In addition since this removes the last user of proc_set_tty outside of tty_io.c proc_set_tty is made static and removed from tty.h Signed-off-by: Eric W. Biederman Acked-by: Alan Cox Cc: James Morris Cc: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/hooks.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'security/selinux') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 885a9a9..fa9dbb6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1758,12 +1758,11 @@ static inline void flush_unauthorized_files(struct files_struct * files) } } file_list_unlock(); - - /* Reset controlling tty. */ - if (drop_tty) - proc_set_tty(current, NULL); } mutex_unlock(&tty_mutex); + /* Reset controlling tty. */ + if (drop_tty) + no_tty(); /* Revalidate access to inherited open files. */ -- cgit v1.1