kernel_optimize_test/security/smack
Himanshu Shukla 2097f59920 smack: parse mnt opts after privileges check
In smack_set_mnt_opts()first the SMACK mount options are being
parsed and later it is being checked whether the user calling
mount has CAP_MAC_ADMIN capability.
This sequence of operationis will allow unauthorized user to add
SMACK labels in label list and may cause denial of security attack
by adding many labels by allocating kernel memory by unauthorized user.
Superblock smack flag is also being set as initialized though function
may return with EPERM error.
First check the capability of calling user then set the SMACK attributes
and smk_flags.

Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
2016-11-10 11:21:32 -08:00
..
Kconfig Smack: Signal delivery as an append operation 2016-09-08 13:22:56 -07:00
Makefile
smack_access.c vfs: make the string hashes salt the hash 2016-06-10 20:21:46 -07:00
smack_lsm.c smack: parse mnt opts after privileges check 2016-11-10 11:21:32 -08:00
smack_netfilter.c security: Use IS_ENABLED() instead of checking for built-in or module 2016-08-08 13:08:25 -04:00
smack.h Smack: Signal delivery as an append operation 2016-09-08 13:22:56 -07:00
smackfs.c Smack: Use memdup_user() rather than duplicating its implementation 2016-08-23 09:58:21 -07:00