leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ea49d10eee
linux/security/selinux
History
Stephen Smalley ea49d10eee selinux: normalize input to /sys/fs/selinux/enforce 
At present, one can write any signed integer value to
/sys/fs/selinux/enforce and it will be stored,
e.g. echo -1 > /sys/fs/selinux/enforce or echo 2 >
/sys/fs/selinux/enforce. This makes no real difference
to the kernel, since it only ever cares if it is zero or non-zero,
but some userspace code compares it with 1 to decide if SELinux
is enforcing, and this could confuse it. Only a process that is
already root and is allowed the setenforce permission in SELinux
policy can write to /sys/fs/selinux/enforce, so this is not considered
to be a security issue, but it should be fixed.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-11-20 17:13:19 -05:00
..
include selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX 2016-08-18 20:01:15 -04:00
ss Merge branch 'printk-cleanups' 2016-10-10 09:29:50 -07:00
.gitignore
avc.c Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2015-08-15 13:29:57 +10:00
exports.c selinux: sparse fix: include selinux.h in exports.c 2011-09-09 16:56:32 -07:00
hooks.c selinux: Clean up initialization of isec->sclass 2016-11-14 15:53:04 -05:00
Kconfig selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX 2016-08-18 20:01:15 -04:00
Makefile selinux: use absolute path to include directory 2016-01-28 10:37:15 -05:00
netif.c Merge commit 'v3.17' into next 2014-11-19 21:32:12 +11:00
netlabel.c calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
netlink.c selinux: replace obsolete NLMSG_* with type safe nlmsg_* 2013-03-28 14:25:49 -04:00
netnode.c selinux: remove unused variabled in the netport, netnode, and netif caches 2014-08-07 20:55:30 -04:00
netport.c selinux: remove unused variabled in the netport, netnode, and netif caches 2014-08-07 20:55:30 -04:00
nlmsgtab.c rtnetlink: add new RTM_GETSTATS message to dump link stats 2016-04-20 15:43:42 -04:00
selinuxfs.c selinux: normalize input to /sys/fs/selinux/enforce 2016-11-20 17:13:19 -05:00
xfrm.c netfilter: Remove spurios included of netfilter.h 2015-06-18 21:14:32 +02:00