linux

History

Eric Biggers 4aa68e07d8 KEYS: restrict /proc/keys by credentials at open time When checking for permission to view keys whilst reading from /proc/keys, we should use the credentials with which the /proc/keys file was opened. This is because, in a classic type of exploit, it can be possible to bypass checks for the current credentials by passing the file descriptor to a suid program. Following commit `34dbbcdbf6` ("Make file credentials available to the seqfile interfaces") we can finally fix it. So let's do it. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com>		2017-09-25 15:19:57 +01:00
..
apparmor	apparmor: Refactor to remove bprm_secureexec hook	2017-08-01 12:03:06 -07:00
integrity	Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2017-07-05 11:26:35 -07:00
keys	KEYS: restrict /proc/keys by credentials at open time	2017-09-25 15:19:57 +01:00
loadpin	security: mark LSM hooks as __ro_after_init	2017-03-06 11:00:15 +11:00
selinux	selinux/stable-4.14 PR 20170831	2017-09-12 13:21:00 -07:00
smack	This series has the ultimate goal of providing a sane stack rlimit when	2017-09-07 20:35:29 -07:00
tomoyo	exec: Rename bprm->cred_prepared to called_set_creds	2017-08-01 12:02:48 -07:00
yama	doc: ReSTify Yama.txt	2017-05-18 10:33:04 -06:00
commoncap.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace	2017-09-11 18:34:47 -07:00
device_cgroup.c	security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition	2015-09-03 18:13:10 -07:00
inode.c	securityfs: add the ability to support symlinks	2017-06-08 12:51:43 -07:00
Kconfig	include/linux/string.h: add the option of fortified string.h functions	2017-07-12 16:26:03 -07:00
lsm_audit.c	lsm_audit: update my email address	2017-08-17 15:33:39 -04:00
Makefile	LSM: LoadPin for kernel file loading restrictions	2016-04-21 10:47:27 +10:00
min_addr.c
security.c	selinux/stable-4.14 PR 20170831	2017-09-12 13:21:00 -07:00