1. 06 May, 2009 13 commits
  2. 05 May, 2009 24 commits
  3. 04 May, 2009 3 commits
    • selinux: Fix send_sigiotask hook · 65c90bca
      Stephen Smalley authored
      The CRED patch incorrectly converted the SELinux send_sigiotask hook to
      use the current task SID rather than the target task SID in its
      permission check, yielding the wrong permission check.  This fixes the
      hook function.  Detected by the ltp selinux testsuite and confirmed to
      correct the test failure.
      Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: James Morris <jmorris@namei.org>
    • proc: avoid information leaks to non-privileged processes · f83ce3e6
      Jake Edge authored
      By using the same test as is used for /proc/pid/maps and /proc/pid/smaps,
      only allow processes that can ptrace() a given process to see information
      that might be used to bypass address space layout randomization (ASLR).
      These include eip, esp, wchan, and start_stack in /proc/pid/stat as well
      as the non-symbolic output from /proc/pid/wchan.
      
      ASLR can be bypassed by sampling eip as shown by the proof-of-concept
      code at http://code.google.com/p/fuzzyaslr/ As part of a presentation
      (http://www.cr0.org/paper/to-jt-linux-alsr-leak.pdf) esp and wchan were
      also noted as possibly usable information leaks as well.  The
      start_stack address also leaks potentially useful information.
      
      Cc: Stable Team <stable@kernel.org>
      Signed-off-by: Jake Edge <jake@lwn.net>
      Acked-by: Arjan van de Ven <arjan@linux.intel.com>
      Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Bluetooth: Fix issue with sysfs handling for connections · a67e899c
      Marcel Holtmann authored
      Due to semantic changes in flush_workqueue() the current approach of
      synchronizing the sysfs handling for connections doesn't work anymore. The
      whole approach is actually fully broken and based on assumptions that are
      no longer valid.
      
      With the introduction of Simple Pairing support, the creation of low-level
      ACL links got changed. This change invalidates the reason why in the past
      two independent work queues have been used for adding/removing sysfs
      devices. The adding of the actual sysfs device is now postponed until the
      host controller successfully assigns a unique handle to that link. So
      the real synchronization happens inside the controller and not the host.
      
      The only left-over problem is that some internals of the sysfs device
      handling are not initialized ahead of time. This leaves potential access
      to invalid data and can cause various NULL pointer dereferences. To fix
      this a new function makes sure that all sysfs details are initialized
      when a connection attempt is made. The actual sysfs device is only
      registered when the connection has been successfully established. To
      avoid a race condition with the registration, the check if a device is
      registered has been moved into the removal work.
      
      As an extra protection two flush_work() calls are left in place to
      make sure a previous add/del work has been completed first.
      
      Based on a report by Marc Pignat <marc.pignat@hevs.ch>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
      Tested-by: Justin P. Mattock <justinmattock@gmail.com>
      Tested-by: Roger Quadros <ext-roger.quadros@nokia.com>
      Tested-by: Marc Pignat <marc.pignat@hevs.ch>