Akemi Yagi wrote:
Karanbir Singh wrote:
On 10/27/2011 04:57 AM, Tetsuo Handa wrote:
My apologies. I was misunderstanding. I was assuming that making changes in "struct security_operations" breaks the kABI. But it seems it does not.
excellent, lets do it then.
I see. Created http://bugs.centos.org/view.php?id=5219 for this topic.
As can be seen in that bug report, the centosplus kernel has had TOMOYO security module enabled since kernel-2.6.32-131.21.1.el6.
Handa-san, do you think it is a good idea to apply patches [1] referenced on the TOMOYO 2.2 page [2]?
Well, nobody has ever hit this race. But if carrying below patch does not bother toracat, it is nice to have below patch applied. ---------- [PATCH] TOMOYO: Fix race on updating profile's comment line.
commit 2a086e5d3a23570735f75b784d29b93068070833 upstream.
tomoyo_save_name() in tomoyo_write_profile() may return NULL. Therefore,
profile->comment ? profile->comment->name : ""
in tomoyo_read_profile() may race. Keep the old value rather than replace with empty string when out of memory error has occurred.
Signed-off-by: Xiaochen Wang wangxiaochen0@gmail.com Signed-off-by: Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp --- security/tomoyo/common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
--- linux-2.6.32.49.orig/security/tomoyo/common.c +++ linux-2.6.32.49/security/tomoyo/common.c @@ -924,7 +924,11 @@ static int tomoyo_write_profile(struct t return -EINVAL; *cp = '\0'; if (!strcmp(data, "COMMENT")) { - profile->comment = tomoyo_save_name(cp + 1); + const struct tomoyo_path_info *new_comment + = tomoyo_save_name(cp + 1); + if (!new_comment) + return -ENOMEM; + profile->comment = new_comment; return 0; } for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) { ---------- Regards.