diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2016-11-18 09:30:38 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-11-20 17:13:19 -0500 |
commit | ea49d10eee5a220b717dbf2ee429c9e3d59c978c (patch) | |
tree | 6b6a7c4e7d0da8294e3c3fecc5f4db7ef10f0f62 /security | |
parent | 13457d073c29da92001f6ee809075eaa8757fb96 (diff) |
selinux: normalize input to /sys/fs/selinux/enforce
At present, one can write any signed integer value to
/sys/fs/selinux/enforce and it will be stored,
e.g. echo -1 > /sys/fs/selinux/enforce or echo 2 >
/sys/fs/selinux/enforce. This makes no real difference
to the kernel, since it only ever cares if it is zero or non-zero,
but some userspace code compares it with 1 to decide if SELinux
is enforcing, and this could confuse it. Only a process that is
already root and is allowed the setenforce permission in SELinux
policy can write to /sys/fs/selinux/enforce, so this is not considered
to be a security issue, but it should be fixed.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/selinuxfs.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 50fca204d3f1..cf9293e01fc1 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -163,6 +163,8 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, if (sscanf(page, "%d", &new_value) != 1) goto out; + new_value = !!new_value; + if (new_value != selinux_enforcing) { length = task_has_security(current, SECURITY__SETENFORCE); if (length) |