summaryrefslogtreecommitdiff
path: root/include/linux/security.h
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2017-01-10 20:28:32 +0300
committerPaul Moore <paul@paul-moore.com>2017-01-12 19:10:57 +0300
commit3a2f5a59a695a73e0cde9a61e0feae5fa730e936 (patch)
tree058704d18e909a2c0b46356c74d3c1156c2206aa /include/linux/security.h
parentb4ba35c75a0671a06b978b6386b54148efddf39f (diff)
downloadlinux-3a2f5a59a695a73e0cde9a61e0feae5fa730e936.tar.xz
security,selinux,smack: kill security_task_wait hook
As reported by yangshukui, a permission denial from security_task_wait() can lead to a soft lockup in zap_pid_ns_processes() since it only expects sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can in general lead to zombies; in the absence of some way to automatically reparent a child process upon a denial, the hook is not useful. Remove the security hook and its implementations in SELinux and Smack. Smack already removed its check from its hook. Reported-by: yangshukui <yangshukui@huawei.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h6
1 files changed, 0 insertions, 6 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index f4ebac117fa6..d3868f2ebada 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -332,7 +332,6 @@ int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid);
-int security_task_wait(struct task_struct *p);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
@@ -980,11 +979,6 @@ static inline int security_task_kill(struct task_struct *p,
return 0;
}
-static inline int security_task_wait(struct task_struct *p)
-{
- return 0;
-}
-
static inline int security_task_prctl(int option, unsigned long arg2,
unsigned long arg3,
unsigned long arg4,