diff options
author | David S. Miller <davem@davemloft.net> | 2008-11-06 22:43:03 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-06 22:43:03 -0800 |
commit | 9eeda9abd1faf489f3df9a1f557975f4c8650363 (patch) | |
tree | 3e0a58e25b776cfbee193195460324dccb1886c7 /security | |
parent | 61c9eaf90081cbe6dc4f389e0056bff76eca19ec (diff) | |
parent | 4bab0ea1d42dd1927af9df6fbf0003fc00617c50 (diff) | |
download | linux-stable-9eeda9abd1faf489f3df9a1f557975f4c8650363.tar.gz linux-stable-9eeda9abd1faf489f3df9a1f557975f4c8650363.tar.bz2 linux-stable-9eeda9abd1faf489f3df9a1f557975f4c8650363.zip |
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Conflicts:
drivers/net/wireless/ath5k/base.c
net/8021q/vlan_core.c
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 6 | ||||
-rw-r--r-- | security/selinux/hooks.c | 8 |
2 files changed, 8 insertions, 6 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 399bfdb9e2da..3976613db829 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -279,10 +279,10 @@ static int get_file_caps(struct linux_binprm *bprm) struct vfs_cap_data vcaps; struct inode *inode; - if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) { - bprm_clear_caps(bprm); + bprm_clear_caps(bprm); + + if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) return 0; - } dentry = dget(bprm->file->f_dentry); inode = dentry->d_inode; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index aedf02b1345a..f3c4bc12fea3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2126,14 +2126,16 @@ static inline void flush_unauthorized_files(struct files_struct *files) tty = get_current_tty(); if (tty) { file_list_lock(); - file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list); - if (file) { + if (!list_empty(&tty->tty_files)) { + struct inode *inode; + /* Revalidate access to controlling tty. Use inode_has_perm on the tty inode directly rather than using file_has_perm, as this particular open file may belong to another process and we are only interested in the inode-based check here. */ - struct inode *inode = file->f_path.dentry->d_inode; + file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); + inode = file->f_path.dentry->d_inode; if (inode_has_perm(current, inode, FILE__READ | FILE__WRITE, NULL)) { drop_tty = 1; |