security_acct hook

From: Stephen Smalley (sds@private)
Date: Mon Mar 08 2004 - 12:06:13 PST

Next message: Chris Wright: "[PATCH] proper error cleanup on security_acct hook"

Previous message: Serge Hallyn: "New bsdjail.c"
Next in thread: Chris Wright: "[PATCH] proper error cleanup on security_acct hook"
Reply: Chris Wright: "[PATCH] proper error cleanup on security_acct hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

A colleague noticed that in 2.6, sys_acct does not properly clean up the
open file when the security_acct hook returns an error, and proposed the
patch below.  Look ok?

Index: linux-2.6/kernel/acct.c
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/kernel/acct.c,v
retrieving revision 1.1.1.8
diff -u -r1.1.1.8 acct.c
--- linux-2.6/kernel/acct.c	20 Oct 2003 13:27:30 -0000	1.1.1.8
+++ linux-2.6/kernel/acct.c	8 Mar 2004 19:22:26 -0000
@@ -235,8 +235,11 @@
 	}
 
 	error = security_acct(file);
-	if (error)
+	if (error) {
+		if (file)
+			filp_close(file, NULL);
 		return error;
+	}
 
 	spin_lock(&acct_globals.lock);
 	acct_file_reopen(file);

-- 
Stephen Smalley <sds@private>
National Security Agency

Next message: Chris Wright: "[PATCH] proper error cleanup on security_acct hook"
Previous message: Serge Hallyn: "New bsdjail.c"
Next in thread: Chris Wright: "[PATCH] proper error cleanup on security_acct hook"
Reply: Chris Wright: "[PATCH] proper error cleanup on security_acct hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 08 2004 - 12:07:56 PST