| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
treewide: Add SPDX license identifier - Makefile/Kconfig Add SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any form These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 7 年前 | |
LSM: add SafeSetID module that gates setid calls SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist. These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings. For now, only gating the set*uid family of syscalls is supported, with support for set*gid coming in a future patch set. Signed-off-by: Micah Morton <mortonm@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> | 7 年前 | |
SafeSetID: fix UID printed instead of GID pr_warn message clearly says that GID should be printed, but we have UID there. Let's fix that. Found accidentally during the work on isolated user namespaces. Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> [PM: fix spelling errors in description, subject tweak] Signed-off-by: Paul Moore <paul@paul-moore.com> | 3 年前 | |
LSM: SafeSetID: Mark safesetid_initialized as __initdata Mark safesetid_initialized as __initdata since it is only used in initialization routine. Signed-off-by: Austin Kim <austindh.kim@gmail.com> Signed-off-by: Micah Morton <mortonm@chromium.org> | 5 年前 | |
safesetid: check size of policy writes stable inclusion from stable-v6.6.78 commit 96fae5bd1589731592d30b3953a90a77ef3928a6 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IBX1M5 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=96fae5bd1589731592d30b3953a90a77ef3928a6 -------------------------------- [ Upstream commit f09ff307c7299392f1c88f763299e24bc99811c7 ] syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. Reported-by: syzbot+4eb7a741b3216020043a@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a Signed-off-by: Leo Stone <leocstone@gmail.com> [PM: subject tweak] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 96fae5bd1589731592d30b3953a90a77ef3928a6) Signed-off-by: Wentao Guan <guanwentao@uniontech.com> | 1 年前 |