    Capabilities: BUG when an invalid capability is requested · 637d32dc
    Eric Paris authored
    If an invalid (large) capability is requested the capabilities system
    may panic as it is dereferencing an array of fixed (short) length.  It's
    possible (and actually often happens) that the capability system
    accidentally stumbled into a valid memory region but it also regularly
    happens that it hits invalid memory and BUGs.  If such an operation does
    get past cap_capable then the selinux system is sure to have problems as
    it already does a (simple) validity check and BUG.  This is known to
    happen by the broken and buggy firegl driver.
    
    This patch cleanly checks all capable calls and BUG if a call is for an
    invalid capability.  This will likely break the firegl driver for some
    situations, but it is the right thing to do.  Garbage into a security
    system gets you killed/bugged
    Signed-off-by: Eric Paris <eparis@redhat.com>
    Acked-by: Arjan van de Ven <arjan@linux.intel.com>
    Acked-by: Serge Hallyn <serue@us.ibm.com>
    Acked-by: Andrew G. Morgan <morgan@kernel.org>
    Signed-off-by: James Morris <jmorris@namei.org>
capability.c 13.4 KB
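
The failure mode the commit message describes, as an added userland model that is not code from this commit or from the kernel: a capability number indexes a fixed-length array of 32-bit words, so a large value selects a word past the end unless it is validated first. The names `cap_set`, `cap_is_valid`, `checked_capable` and `unchecked_index`, the two-word set size and the `CAP_LAST_CAP` value of 33 are assumptions for illustration; where the patch BUGs, this model returns -1.

```c
#include <stdint.h>
#include <stdio.h>

/* Userland model: the names and values below are assumptions, not kernel code. */
#define CAP_LAST_CAP 33              /* assumed highest valid capability number */
#define CAP_U32S     2               /* words in the fixed-length capability set */
#define CAP_TO_INDEX(x) ((x) >> 5)   /* which 32-bit word holds bit x */
#define CAP_TO_MASK(x)  (1u << ((x) & 31))

struct cap_set { uint32_t cap[CAP_U32S]; };

/* Validity check: reject anything outside 0..CAP_LAST_CAP before indexing. */
static int cap_is_valid(int cap)
{
    return cap >= 0 && cap <= CAP_LAST_CAP;
}

/* Returns 1 if held, 0 if not held, -1 if the request itself is invalid.
 * The patch BUGs at that point; this model reports the error instead. */
int checked_capable(const struct cap_set *set, int cap)
{
    if (!cap_is_valid(cap)) {
        fprintf(stderr, "capable() called with invalid cap=%d\n", cap);
        return -1;
    }
    return (set->cap[CAP_TO_INDEX(cap)] & CAP_TO_MASK(cap)) != 0;
}

/* Word index an unchecked lookup would dereference.
 * A result >= CAP_U32S means a read past the end of cap[]. */
int unchecked_index(int cap)
{
    return CAP_TO_INDEX(cap);
}

int main(void)
{
    struct cap_set set = { { CAP_TO_MASK(21), 0 } };  /* constructed: only cap 21 held */
    int samples[] = { 21, 12, 33, 40, 4096 };         /* constructed requests */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("cap=%d word=%d result=%d\n", samples[i],
               unchecked_index(samples[i]), checked_capable(&set, samples[i]));
    return 0;
}
```

Note the request for 40: it is invalid, yet an unchecked lookup would land inside the array (word 1) and return an answer, which is the "accidentally stumbled into a valid memory region" case; 4096 selects word 128 and reads out of bounds.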