The attached patch fixes a bug in the LSM kernel patch that was causing the security attributes on struct file objects to be immediately clobbered after allocation (and a memory leak). To apply, save the patch to file_table.patch, change to the lsm directory and run 'patch -p1 < file_table.patch'.
--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com
Index: lsm/fs/file_table.c
diff -u lsm/fs/file_table.c:1.3 lsm/fs/file_table.c:1.4
--- lsm/fs/file_table.c:1.3 Wed Jun 13 12:20:28 2001
+++ lsm/fs/file_table.c Wed Sep 5 16:12:41 2001
@@ -41,13 +41,13 @@
list_del(&f->f_list);
files_stat.nr_free_files--;
new_one:
+ memset(f, 0, sizeof(*f));
if (security_ops->file_ops->alloc_security(f)) {
list_add(&f->f_list, &free_list);
files_stat.nr_free_files++;
file_list_unlock();
return NULL;
}
- memset(f, 0, sizeof(*f));
atomic_set(&f->f_count,1);
f->f_version = ++event;
f->f_uid = current->fsuid;
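Review bot: the placement of `memset(f, 0, sizeof(*f));` directly under `new_one:` and ahead of `security_ops->file_ops->alloc_security(f)` is now an ordering requirement that the code does not state. Add a short comment there saying that f must be cleared before the hook runs because anything the hook stores in f would otherwise be wiped, so a later cleanup does not move the memset back below the error check. Since `new_one:` is a label, it is also worth checking that every path jumping to it is meant to pass a struct that can be zeroed in full at that point.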
Received on Thu 6 Sep 2001 - 10:34:44 EDT