| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2006-08-02 | [SECURITY] secmark: nul-terminate secdata | James Morris | |
| The patch below fixes a problem in the iptables SECMARK target, where the user-supplied 'selctx' string may not be nul-terminated. From initial analysis, it seems that the strlen() called from selinux_string_to_sid() could run until it arbitrarily finds a zero, and possibly cause a kernel oops before then. The impact of this appears limited because the operation requires CAP_NET_ADMIN, which is essentially always root. Also, the module is not yet in wide use. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David S. Miller <davem@davemloft.net> | |||
| 2006-06-17 | [SECMARK]: Add xtables SECMARK target | James Morris | |
| Add a SECMARK target to xtables, allowing the admin to apply security marks to packets via both iptables and ip6tables. The target currently handles SELinux security marking, but can be extended for other purposes as needed. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net> | |||
 |
index : Kernel | |
| My Linux kernel repository | Thomas White |
| aboutsummaryrefslogtreecommitdiff |