-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch changes the SELinux module to try to reset any descriptors it closes on exec (due to a lack of permission by the new domain to the inherited open file) to refer to the null device. This counters the problem of SELinux inducing program misbehavior, particularly due to having descriptors 0-2 closed when the new domain is not allowed access to the caller's tty. This is primarily to address the case where the caller is trusted with respect to the new domain, as the untrusted caller case is already handled via AT_SECURE and glibc secure mode. The code is partly based on the OpenWall LSM, which in turn drew from the OpenWall kernel patch. Note that the code does not guarantee that the descriptor is always re-opened to /dev/null; it merely makes a reasonable effort to do so, but can fail under various conditions.
def3f08e