All of lore.kernel.org
 help / color / mirror / Atom feed
From: Paul Moore <paul@paul-moore.com>
To: John Johansen <john.johansen@canonical.com>
Cc: "Mickaël Salaün" <mic@digikod.net>,
	"Casey Schaufler" <casey@schaufler-ca.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Date: Mon, 13 May 2024 10:57:57 -0400	[thread overview]
Message-ID: <CAHC9VhRbHKkdtAC4JWFbWpj=T3MG7wPhH1EHhJomKu+pU6oCQA@mail.gmail.com> (raw)
In-Reply-To: <147b0637-7423-4abc-b7fe-3d8da2c1e57c@canonical.com>

On Fri, May 10, 2024 at 12:10 PM John Johansen
<john.johansen@canonical.com> wrote:
> On 2/27/24 08:01, Paul Moore wrote:
> > On Mon, Feb 26, 2024 at 2:59 PM Paul Moore <paul@paul-moore.com> wrote:
> >> On Fri, Feb 23, 2024 at 4:07 PM Paul Moore <paul@paul-moore.com> wrote:
> >>> On Fri, Feb 23, 2024 at 2:06 PM Mickaël Salaün <mic@digikod.net> wrote:
> >>>>
> >>>> aa_getprocattr() may not initialize the value's pointer in some case.
> >>>> As for proc_pid_attr_read(), initialize this pointer to NULL in
> >>>> apparmor_getselfattr() to avoid an UAF in the kfree() call.
> >>>>
> >>>> Cc: Casey Schaufler <casey@schaufler-ca.com>
> >>>> Cc: John Johansen <john.johansen@canonical.com>
> >>>> Cc: Paul Moore <paul@paul-moore.com>
> >>>> Cc: stable@vger.kernel.org
> >>>> Fixes: 223981db9baf ("AppArmor: Add selfattr hooks")
> >>>> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> >>>> ---
> >>>>   security/apparmor/lsm.c | 2 +-
> >>>>   1 file changed, 1 insertion(+), 1 deletion(-)
> >>>
> >>> If you like John, I can send this up to Linus with the related SELinux
> >>> fix, I would just need an ACK from you.
> >>
> >> Reviewed-by: Paul Moore <paul@paul-moore.com>
> >>
> >> This patch looks good to me, and while we've still got at least two
> >> (maybe three?) more weeks before v6.8 is tagged, I think it would be
> >> good to get this up to Linus ASAP.  I'll hold off for another day, but
> >> if we don't see any comment from John I'll go ahead and merge this and
> >> send it up to Linus with the SELinux fix; I'm sure John wouldn't be
> >> happy if v6.8 went out the door without this fix.
> >
> > I just merged this into lsm/stable-6.8 and once the automated
> > build/test has done it's thing and come back clean I'll send this,
> > along with the associated SELinux fix, up to Linus.  Thanks all.
> >
> > John, if this commit is problematic please let me know and I'll send a
> > fix or a revert.
>
> sorry, I am still trying to dig out of my backlog. This is good, you can
> certainly have my ACK, I know its already in tree so no point in adding
> it there but wanted to just make sure its on list

No worries, reviews are still appreciated; just because a patch has
made its way up to Linus is no guarantee there isn't something wrong
with it ;)

-- 
paul-moore.com

  reply	other threads:[~2024-05-13 14:58 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-23 19:05 [PATCH 1/2] SELinux: Fix lsm_get_self_attr() Mickaël Salaün
2024-02-23 19:05 ` [PATCH 2/2] AppArmor: " Mickaël Salaün
2024-02-23 21:07   ` Paul Moore
2024-02-26 19:59     ` Paul Moore
2024-02-27 16:01       ` Paul Moore
2024-02-27 22:09         ` Paul Moore
2024-02-27 22:13           ` Paul Moore
2024-02-28 12:53             ` Mickaël Salaün
2024-05-10 16:10         ` John Johansen
2024-05-13 14:57           ` Paul Moore [this message]
2024-02-23 19:16 ` [PATCH 1/2] SELinux: " Mickaël Salaün
2024-02-23 20:47   ` Paul Moore
2024-02-23 19:59 ` Mickaël Salaün
2024-02-23 20:03   ` Mickaël Salaün
2024-02-23 21:05     ` Paul Moore
2024-02-23 22:03       ` Mickaël Salaün
2024-02-23 22:21         ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAHC9VhRbHKkdtAC4JWFbWpj=T3MG7wPhH1EHhJomKu+pU6oCQA@mail.gmail.com' \
    --to=paul@paul-moore.com \
    --cc=casey@schaufler-ca.com \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mic@digikod.net \
    --cc=serge@hallyn.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.