    ima: fix ima_d_path() possible race with rename · bc15ed66
    Mimi Zohar authored
    On failure to return a pathname from ima_d_path(), a pointer to
    dname is returned, which is subsequently used in the IMA measurement
    list, the IMA audit records, and other audit logging.  Saving the
    pointer to dname for later use has the potential to race with rename.
    
    Instead of returning a pointer to dname on failure, this patch returns
    a pointer to a copy of the filename.
    Reported-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
    Cc: stable@vger.kernel.org
ima_api.c 9.7 KB
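
The difference between keeping a pointer to the name and keeping a copy of it, as an added userspace illustration (not the kernel patch and not code from ima_api.c). `struct model_dentry`, `model_rename()` and the file names are hypothetical, and the rename is run sequentially between saving the name and using it to stand in for the concurrent case.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_NAME_MAX 255

/* Hypothetical userspace stand-in for a dentry whose name is stored inline. */
struct model_dentry {
    char name[MODEL_NAME_MAX + 1];
};

/* Stand-in for rename: the name storage is rewritten in place. */
static void model_rename(struct model_dentry *d, const char *newname)
{
    snprintf(d->name, sizeof(d->name), "%s", newname);
}

/* Pattern the commit message describes as racy: pointer into the dentry. */
static const char *name_by_pointer(const struct model_dentry *d)
{
    return d->name;
}

/* Pattern the commit message describes as the fix: a copy of the name. */
static const char *name_by_copy(const struct model_dentry *d, char *buf, size_t len)
{
    snprintf(buf, len, "%s", d->name);
    return buf;
}

/* Returns 1 if the saved name still reads as the name seen at measurement
 * time once a rename has happened before the record is written. */
static int saved_name_survives_rename(int use_copy)
{
    struct model_dentry d;
    char namebuf[MODEL_NAME_MAX + 1];
    const char *saved;

    model_rename(&d, "report-old.log");   /* constructed sample name */
    saved = use_copy ? name_by_copy(&d, namebuf, sizeof(namebuf))
                     : name_by_pointer(&d);
    model_rename(&d, "report-new.log");   /* rename lands before logging */
    return strcmp(saved, "report-old.log") == 0;
}

int main(void)
{
    printf("pointer into dentry: %d\n", saved_name_survives_rename(0));
    printf("private copy:        %d\n", saved_name_survives_rename(1));
    return 0;
}
```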