rsbac-commit June 2023

rsbac-commit@rsbac.org

1 participants
31 discussions

linux-6.1.y 6.1.31 commit 2d7dc0e60f2f __sys_setresuid(), __sys_setresgid(): move RSBAC check before no-op
by Amon Ott 01 Jun '23

01 Jun '23

https://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-6.1.y.git;a=summary RSBAC for Linux 6.1 (Long Term) Current version: 6.1.31 commit 2d7dc0e60f2fd77cd2c6663d15e5385545308b6f Author: Amon Ott <ao(a)rsbac.org> Date: Thu Jun 1 07:45:04 2023 +0200 __sys_setresuid(), __sys_setresgid(): move RSBAC check before no-op check. The kernel no-op check bypasses the RSBAC check and notification, but in RSBAC, setresuid(getuid(), -1, -1) is security relevant and needs to update state. As a side effect, we now also check before the kernel capability check and might see more RSBAC messages as a result. kernel/sys.c | 138 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 66 insertions(+), 72 deletions(-)

1 0

2025

2024

2023

2022

rsbac-commit June 2023