Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-10 15:19:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/security
History
Christian Göttsche 2d7f105edb security: keys: perform capable check only on privileged operations 
If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2023-07-28 18:07:41 +00:00
..
apparmor
+ Bug Fixes
2023-07-07 09:55:31 -07:00
bpf
selinux: remove the runtime disable functionality
2023-03-20 12:34:23 -04:00
integrity
powerpc updates for 6.5
2023-06-30 09:20:08 -07:00
keys
security: keys: perform capable check only on privileged operations
2023-07-28 18:07:41 +00:00
landlock
hostfs: Fix ephemeral inodes
2023-06-12 21:26:19 +02:00
loadpin
sysctl-6.4-rc1
2023-04-27 16:52:33 -07:00
lockdown
selinux: remove the runtime disable functionality
2023-03-20 12:34:23 -04:00
safesetid
SafeSetID: fix UID printed instead of GID
2023-06-20 20:26:00 -04:00
selinux
selinux: avoid bool as identifier name
2023-06-05 17:04:01 -04:00
smack
smack: Record transmuting in smk_transmuted
2023-05-11 10:05:39 -07:00
tomoyo
mm/gup: remove vmas parameter from get_user_pages_remote()
2023-06-09 16:25:26 -07:00
yama
sysctl-6.4-rc1
2023-04-27 16:52:33 -07:00
commoncap.c
lsm: fix a number of misspellings
2023-05-25 17:52:15 -04:00
device_cgroup.c
device_cgroup: Fix kernel-doc warnings in device_cgroup
2023-06-21 09:30:49 -04:00
inode.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
Kconfig
mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR
2023-05-24 15:38:17 +02:00
Kconfig.hardening
randstruct: disable Clang 15 support
2023-02-08 15:26:58 -08:00
lsm_audit.c
lsm: fix a number of misspellings
2023-05-25 17:52:15 -04:00
Makefile
security: remove unneeded subdir-$(CONFIG_...)
2021-09-03 08:17:20 +09:00
min_addr.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
security.c
lsm/stable-6.5 PR 20230626
2023-06-27 17:24:26 -07:00