linux-toradex.git/security/tomoyo, branch v3.0-rc4

TOMOYO: Fix oops in tomoyo_mount_acl().

2011-06-14T05:18:42+00:00

In tomoyo_mount_acl() since 2.6.36, kern_path() was called without checking
dev_name != NULL. As a result, an unprivileged user can trigger oops by issuing
mount(NULL, "/", "ext3", 0, NULL) request.
Fix this by checking dev_name != NULL before calling kern_path(dev_name).

Signed-off-by: Tetsuo Handa 
Cc: stable@kernel.org
Signed-off-by: James Morris

TOMOYO: Fix wrong domainname validation.

2011-05-12T01:07:21+00:00

In tomoyo_correct_domain() since 2.6.36, TOMOYO was by error validating
"" + "/foo/\" + "/bar" when " /foo/\* /bar" was given.
As a result, legal domainnames like " /foo/\* /bar" are rejected.

Reported-by: Hayama Yossihiro 
Signed-off-by: Tetsuo Handa 
Signed-off-by: James Morris

TOMOYO: Fix refcount leak in tomoyo_mount_acl().

2011-04-20T00:16:21+00:00

In tomoyo_mount_acl() since 2.6.36, reference to device file (e.g. /dev/sda1)
was leaking.

Signed-off-by: Tetsuo Handa 
Signed-off-by: James Morris

Merge branch 'master'; commit 'v2.6.39-rc3' into next

2011-04-19T11:32:41+00:00

TOMOYO: Fix infinite loop bug when reading /sys/kernel/security/tomoyo/audit

2011-04-18T23:37:12+00:00

In tomoyo_flush(), head->r.w[0] holds pointer to string data to be printed.
But head->r.w[0] was updated only when the string data was partially
printed (because head->r.w[0] will be updated by head->r.w[1] later if
completely printed). However, regarding /sys/kernel/security/tomoyo/query ,
an additional '\0' is printed after the string data was completely printed.
But if free space for read buffer became 0 before printing the additional '\0',
tomoyo_flush() was returning without updating head->r.w[0]. As a result,
tomoyo_flush() forever reprints already printed string data.

Signed-off-by: Tetsuo Handa 
Signed-off-by: James Morris

TOMOYO: Don't add / for allow_unmount permission check.

2011-04-18T23:37:09+00:00

"mount --bind /path/to/file1 /path/to/file2" is legal. Therefore,
"umount /path/to/file2" is also legal. Do not automatically append trailing '/'
if pathname to be unmounted does not end with '/'.

Signed-off-by: Tetsuo Handa 
Signed-off-by: James Morris

TOMOYO: Fix race on updating profile's comment line.

2011-04-18T23:37:06+00:00

In tomoyo_write_profile() since 2.6.34, a lock was by error missing when
replacing profile's comment line. If multiple threads attempted

  echo '0-COMMENT=comment' > /sys/kernel/security/tomoyo/profile

in parallel, garbage collector will fail to kfree() the old value.
Protect the replacement using a lock. Also, keep the old value rather than
replace with empty string when out of memory error has occurred.

Signed-off-by: Xiaochen Wang 
Signed-off-by: Tetsuo Handa 
Signed-off-by: James Morris

Fix common misspellings

2011-03-31T14:26:23+00:00

Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi

tomoyo: fix memory leak in tomoyo_commit_ok()

2011-03-30T23:25:06+00:00

When memory used for policy exceeds the quota, tomoyo_memory_ok() return false.
In this case, tomoyo_commit_ok() must call kfree() before returning NULL.
This bug exists since 2.6.35.

Signed-off-by: Xiaochen Wang 
Acked-by: Tetsuo Handa 
Signed-off-by: James Morris

TOMOYO: Fix memory leak upon file open.

2011-03-02T23:13:26+00:00

In tomoyo_check_open_permission() since 2.6.36, TOMOYO was by error
recalculating already calculated pathname when checking allow_rewrite
permission. As a result, memory will leak whenever a file is opened for writing
without O_APPEND flag. Also, performance will degrade because TOMOYO is
calculating pathname regardless of profile configuration.
This patch fixes the leak and performance degrade.

Signed-off-by: Tetsuo Handa 
Signed-off-by: James Morris