Re: [PATCH] capabilities: fix sys_prctl() returned uninitialized value

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Shi Weihua <shiwh@...>

To: Serge E. Hallyn <serue@...>

Cc: Andrew Morton <akpm@...>, <morgan@...>, <linux-security-module@...>, LKML <linux-kernel@...>, <jmorris@...>

Subject: Re: [PATCH] capabilities: fix sys_prctl() returned uninitialized value

Date: Wednesday, May 21, 2008 - 8:58 pm

Serge E. Hallyn wrote:
quoted text> Quoting Shi Weihua (shiwh@cn.fujitsu.com):
>> When we test kernel by the latest LTP(20080430) on ia64,
>> the following failure occured:
>> -------------------------------------
>> prctl01     1  PASS  :  Test Passed
>> prctl01     0  WARN  :  prctl() returned 2048 errno = 0 : Success
>> prctl01     1  PASS  :  Test Passed
>> prctl01     2  FAIL  :  Test Failed
>> -------------------------------------
>>
>> We found commit 3898b1b4ebff8dcfbcf1807e0661585e06c9a91c
>> causes this failure by git-bisect.
>> And, we found *rc_p has not been initialized if switch-default 
>> of the function cap_task_prctl()(security/commoncap.c). When *rc_p
>> uninitialized, sys_prctl() will return a wrong value.
>>
>> Signed-off-by: Shi Weihua <shiwh@cn.fujitsu.com> 
>> ---
>> diff --git a/security/commoncap.c b/security/commoncap.c
>> index 5edabc7..a4b28c8 100644
>> --- a/security/commoncap.c
>> +++ b/security/commoncap.c
>> @@ -649,6 +649,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
>>
>>  	default:
>>  		/* No functionality available - continue with default */
>> +		*rc_p = 0;
>>  		return 0;
>>  	}
> 
> No, this case here means that the capability module is not taking
> responsibility for this call.  So it should not be setting rc_p.

Ok, we noticed the comment as following in include/linux/security.h.
+ *      @rc_p contains a pointer to communicate back the forced return code
+ *     Return 0 if permission is granted, and non-zero if the security module
+ *      has taken responsibility (setting *rc_p) for the prctl call.

quoted text> 
> So you'll want to find another path in kernel/sys.c:sys_prctl()
> where error doesn't get set.  Do you know what 'i' was in prctl01
> at the time of failure?

'i' was 1 (PR_SET_PDEATHSIG).

I will create a new patch ASAP.

Thanks.

quoted text> 
> For instance, I notice that PR_SET_DUMPABLE doesn't set the value
> of error if arg2 is valid.  Also PR_SET_NAME and PR_GET_NAME
> don't set error.
> 
> -serge
> 
> 
> 

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] capabilities: fix sys_prctl() returned uninitialized..., Shi Weihua, (Wed May 21, 5:37 am)

Re: [PATCH] capabilities: fix sys_prctl() returned uninitial..., Serge E. Hallyn, (Wed May 21, 8:38 am)

Re: [PATCH] capabilities: fix sys_prctl() returned uninitial..., Shi Weihua, (Wed May 21, 8:58 pm)

Navigation

Popular discussions


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
James Bottomley	Re: Announce: Linux-next (Or Andrew's dream :-))
David Woodhouse	Re: [PATCH 2/3] firmware: convert korg1212 driver to use firmware loader exclusively
Kamalesh Babulal	Re: 2.6.24-rc8-mm1 Build Failure on S390x
git:

linux-netdev:
David Miller	[GIT]: Networking
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
KOSAKI Motohiro	[bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
openbsd-misc:

Colocation donated by:

Online users

sjayanthitrp

Syndicate