linux/kernel
Al Viro 291041e935 fix bogus reporting of signals by audit
Async signals should not be reported as sent by current in audit log.  As
it is, we call audit_signal_info() too early in check_kill_permission().
Note that check_kill_permission() has that test already - it needs to know
if it should apply current-based permission checks.  So the solution is to
move the call of audit_signal_info() between those.

Bogosity in question is easily reproduced - add a rule watching for e.g.
kill(2) from specific process (so that audit_signal_info() would not
short-circuit to nothing), say load_policy, watch the bogus OBJ_PID entry
in audit logs claiming that write(2) on selinuxfs file issued by
load_policy(8) had somehow managed to send a signal to syslogd...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-07 16:28:43 -07:00
..
irq request_irq: fix DEBUG_SHIRQ handling 2007-08-31 01:42:23 -07:00
power hibernation doesn't even build on frv - tons of helpers are missing 2007-09-26 09:22:04 -07:00
time Fix timer_stats printout of events/sec 2007-10-07 16:28:43 -07:00
.gitignore
acct.c Cleanup non-arch xtime uses, use get_seconds() or current_kernel_time(). 2007-07-25 10:09:20 -07:00
audit.c
audit.h
auditfilter.c [PATCH] allow audit filtering on bit & operations 2007-07-22 09:57:02 -04:00
auditsc.c kernel/auditsc.c: fix an off-by-one 2007-08-22 19:52:44 -07:00
capability.c
compat.c
configs.c
cpu.c PM: Fix dependencies of CONFIG_SUSPEND and CONFIG_HIBERNATION 2007-08-31 01:42:22 -07:00
cpuset.c
delayacct.c
die_notifier.c
dma.c
exec_domain.c
exit.c signalfd simplification 2007-09-20 13:19:59 -07:00
extable.c
fork.c signalfd simplification 2007-09-20 13:19:59 -07:00
futex_compat.c robust futex thread exit race 2007-10-01 07:52:23 -07:00
futex.c robust futex thread exit race 2007-10-01 07:52:23 -07:00
hrtimer.c Cache xtime every call to update_wall_time 2007-07-25 10:17:44 -07:00
itimer.c
kallsyms.c
Kconfig.hz
Kconfig.preempt [PATCH] sched: arch preempt notifier mechanism 2007-07-26 13:40:43 +02:00
kexec.c
kfifo.c
kmod.c Restore call_usermodehelper_pipe() behaviour 2007-09-11 17:21:20 -07:00
kprobes.c fix compilation with gcc 4.2 2007-08-11 15:47:42 -07:00
ksysfs.c FRV: Fix linkage problems 2007-07-20 12:01:34 -07:00
kthread.c kthread: silence bogus section mismatch warning 2007-07-31 15:39:42 -07:00
latency.c
lockdep_internals.h
lockdep_proc.c Fix leak on /proc/lockdep_stats 2007-07-31 15:39:40 -07:00
lockdep.c
Makefile
module.c Fix Off-by-one in /sys/module/*/refcnt 2007-08-22 14:35:35 -07:00
mutex-debug.c
mutex-debug.h
mutex.c
mutex.h
nsproxy.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
panic.c
params.c modules: better error messages when modules fail to load due to a sysfs problem. 2007-07-30 14:25:23 -07:00
pid.c
posix-cpu-timers.c
posix-timers.c posix-timers: fix creation race 2007-08-22 19:52:46 -07:00
printk.c fix - ensure we don't use bootconsoles after init has been released 2007-08-21 20:23:53 -07:00
profile.c fix compilation with gcc 4.2 2007-08-11 15:47:42 -07:00
ptrace.c Fix spurious syscall tracing after PTRACE_DETACH + PTRACE_ATTACH 2007-09-10 18:57:47 -07:00
rcupdate.c
rcutorture.c
relay.c Fix a use after free bug in kernel->userspace relay file support 2007-07-31 15:39:42 -07:00
resource.c
rtmutex_common.h
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c
rtmutex.c
rtmutex.h
rwsem.c
sched_debug.c sched: debug: fix sum_exec_runtime clearing 2007-09-05 14:32:49 +02:00
sched_fair.c sched: fix profile=sleep 2007-10-02 14:13:08 +02:00
sched_idletask.c sched: remove the 'u64 now' parameter from ->put_prev_task() 2007-08-09 11:16:49 +02:00
sched_rt.c sched: optimize task_tick_rt() a bit 2007-08-24 20:39:10 +02:00
sched_stats.h [PATCH] sched: add schedstat_set() API 2007-08-02 17:41:40 +02:00
sched.c sched: fix invalid sched_class use 2007-09-19 23:34:46 +02:00
seccomp.c
signal.c fix bogus reporting of signals by audit 2007-10-07 16:28:43 -07:00
softirq.c
softlockup.c
spinlock.c
srcu.c
stacktrace.c
stop_machine.c
sys_ni.c
sys.c Fix SMP poweroff hangs 2007-10-01 07:52:23 -07:00
sysctl.c sched: add /proc/sys/kernel/sched_compat_yield 2007-09-19 23:34:46 +02:00
taskstats.c
time.c Cleanup non-arch xtime uses, use get_seconds() or current_kernel_time(). 2007-07-25 10:09:20 -07:00
timer.c Pull ia64-clocksource into release branch 2007-07-20 11:26:47 -07:00
tsacct.c Cleanup non-arch xtime uses, use get_seconds() or current_kernel_time(). 2007-07-25 10:09:20 -07:00
uid16.c
user_namespace.c Fix user namespace exiting OOPs 2007-09-19 11:24:18 -07:00
user.c Fix user namespace exiting OOPs 2007-09-19 11:24:18 -07:00
utsname_sysctl.c
utsname.c Fix UTS corruption during clone(CLONE_NEWUTS) 2007-09-19 11:24:17 -07:00
wait.c
workqueue.c fix bogus hotplug cpu warning 2007-08-27 10:27:48 -07:00