selinux: normalize input to /sys/fs/selinux/enforce At present, one can write any signed integer value to /sys/fs/selinux/enforce and it will be stored, e.g. echo -1 > /sys/fs/selinux/enforce or echo 2 > /sys/fs/selinux/enforce. This makes no real difference to the kernel, since it only ever cares if it is zero or non-zero, but some userspace code compares it with 1 to decide if SELinux is enforcing, and this could confuse it. Only a process that is already root and is allowed the setenforce permission in SELinux policy can write to /sys/fs/selinux/enforce, so this is not considered to be a security issue, but it should be fixed. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>

commit: ea49d10eee5a220b717dbf2ee429c9e3d59c978c [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Fri Nov 18 09:30:38 2016 -0500
committer: Paul Moore <paul@paul-moore.com> Sun Nov 20 17:13:19 2016 -0500
tree: 6b6a7c4e7d0da8294e3c3fecc5f4db7ef10f0f62
parent: 13457d073c29da92001f6ee809075eaa8757fb96 [diff] [blame]
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 50fca20..cf9293e 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c

@@ -163,6 +163,8 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
 	if (sscanf(page, "%d", &new_value) != 1)
 		goto out;
 
+	new_value = !!new_value;
+
 	if (new_value != selinux_enforcing) {
 		length = task_has_security(current, SECURITY__SETENFORCE);
 		if (length)
commit	ea49d10eee5a220b717dbf2ee429c9e3d59c978c	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Fri Nov 18 09:30:38 2016 -0500
committer	Paul Moore <paul@paul-moore.com>	Sun Nov 20 17:13:19 2016 -0500
tree	6b6a7c4e7d0da8294e3c3fecc5f4db7ef10f0f62
parent	13457d073c29da92001f6ee809075eaa8757fb96 [diff] [blame]