summaryrefslogtreecommitdiff
path: root/security/selinux
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2007-05-08 07:26:56 (GMT)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-05-08 18:15:04 (GMT)
commit98a27ba485c7508ef9d9527fe06e4686f3a163dc (patch)
tree73d5dca7f1b5120ecf1bbcc664094044bc35dc56 /security/selinux
parent2a65f1d9fe78475720bd8f0e0fbbf1973b1b5ac2 (diff)
downloadlinux-98a27ba485c7508ef9d9527fe06e4686f3a163dc.tar.xz
tty: introduce no_tty and use it in selinux
While researching the tty layer pid leaks I found a weird case in selinux when we drop a controlling tty because of inadequate permissions we don't do the normal hangup processing. Which is a problem if it happens the session leader has exec'd something that can no longer access the tty. We already have code in the kernel to handle this case in the form of the TIOCNOTTY ioctl. So this patch factors out a helper function that is the essence of that ioctl and calls it from the selinux code. This removes the inconsistency in handling dropping of a controlling tty and who knows it might even make some part of user space happy because it received a SIGHUP it was expecting. In addition since this removes the last user of proc_set_tty outside of tty_io.c proc_set_tty is made static and removed from tty.h Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: James Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 885a9a9..fa9dbb6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1758,12 +1758,11 @@ static inline void flush_unauthorized_files(struct files_struct * files)
}
}
file_list_unlock();
-
- /* Reset controlling tty. */
- if (drop_tty)
- proc_set_tty(current, NULL);
}
mutex_unlock(&tty_mutex);
+ /* Reset controlling tty. */
+ if (drop_tty)
+ no_tty();
/* Revalidate access to inherited open files. */