A quick Google search for "getpidcon(0" shows only the Android bug.

https://www.google.com/webhp#q=%22getpidcon(0%22

-- Nick

On Wed, Feb 24, 2016 at 6:49 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:

> On 02/23/2016 03:24 PM, Daniel Cashman wrote:
>
>> From: dcashman <dcash...@android.com>
>>
>> getpidcon documentation does not specify that a pid of 0 refers to the
>> current process, and getcon exists specifically to provide this
>> functionality, and getpidcon(getpid()) would provide it as well.
>> Disallow pid values <= 0 that may lead to unintended behavior in
>> userspace object managers.
>>
>
> I'll try to see if there are any legitimate users of getpidcon with pid ==
> 0.  If anyone on the list knows of one, please speak up.
>
>
>> Signed-off-by: Daniel Cashman <dcash...@android.com>
>> ---
>>   libselinux/src/procattr.c | 14 ++++++++++++--
>>   1 file changed, 12 insertions(+), 2 deletions(-)
>>
>> diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
>> index c20f003..eee4612 100644
>> --- a/libselinux/src/procattr.c
>> +++ b/libselinux/src/procattr.c
>> @@ -306,11 +306,21 @@ static int setprocattrcon(const char * context,
>>   #define getpidattr_def(fn, attr) \
>>         int get##fn##_raw(pid_t pid, char **c)  \
>>         { \
>> -               return getprocattrcon_raw(c, pid, #attr); \
>> +               if (pid <= 0) { \
>> +                       errno = EINVAL; \
>> +                       return -1; \
>> +               } else { \
>> +                       return getprocattrcon_raw(c, pid, #attr); \
>> +               } \
>>         } \
>>         int get##fn(pid_t pid, char **c)        \
>>         { \
>> -               return getprocattrcon(c, pid, #attr); \
>> +               if (pid <= 0) { \
>> +                       errno = EINVAL; \
>> +                       return -1; \
>> +               } else { \
>> +                       return getprocattrcon(c, pid, #attr); \
>> +               } \
>>         }
>>
>>   all_selfattr_def(con, current)
>>
>>
>


-- 
Nick Kralevich | Android Security | n...@google.com | 650.214.4037
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Reply via email to