    [PATCH] selinux: reopen descriptors closed on exec to /dev/null · def3f08e
    Andrew Morton authored
    From: Stephen Smalley <sds@epoch.ncsc.mil>
    
    This patch changes the SELinux module to try to reset any descriptors it
    closes on exec (due to a lack of permission by the new domain to the inherited
    open file) to refer to the null device.  This counters the problem of SELinux
    inducing program misbehavior, particularly due to having descriptors 0-2
    closed when the new domain is not allowed access to the caller's tty.  This is
    primarily to address the case where the caller is trusted with respect to the
    new domain, as the untrusted caller case is already handled via AT_SECURE and
    glibc secure mode.  The code is partly based on the OpenWall LSM, which in
    turn drew from the OpenWall kernel patch.  Note that the code does not
    guarantee that the descriptor is always re-opened to /dev/null; it merely
    makes a reasonable effort to do so, but can fail under various conditions.
flask.h 3.57 KB