author | Tom Marshall <tdm.code@gmail.com> | 2017-01-25 18:01:03 +0100 |
---|---|---|
committer | Davide Garberi <dade.garberi@gmail.com> | 2022-07-27 19:23:19 +0200 |
commit | 08ff8a2e58eb226015fa68d577121137a7e0953f (patch) | |
tree | 6804e0881c1588dd335fbcdacb7a46f2c95f412f /include/linux/dcache.h | |
parent | e604a08d460859ac6de5dff7a19f2340edcc7ae8 (diff) |
kernel: Only expose su when daemon is running
It has been claimed that the PG implementation of 'su' has security
vulnerabilities even when disabled. Unfortunately, the people that
find these vulnerabilities often like to keep them private so they
can profit from exploits while leaving users exposed to malicious
hackers.
In order to reduce the attack surface for vulnerabilities, it is
therefore necessary to make 'su' completely inaccessible when it
is not in use (except by the root and system users).
Change-Id: I79716c72f74d0b7af34ec3a8054896c6559a181d
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
Diffstat (limited to 'include/linux/dcache.h')
-rw-r--r-- | include/linux/dcache.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/dcache.h b/include/linux/dcache.h index c066f6b56e58..d57e8a6c2f2c 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -522,6 +522,12 @@ static inline bool d_is_fallthru(const struct dentry *dentry) return dentry->d_flags & DCACHE_FALLTHRU; } +static inline bool d_is_su(const struct dentry *dentry) +{ + return dentry && + dentry->d_name.len == 2 && + !memcmp(dentry->d_name.name, "su", 2); +} extern int sysctl_vfs_cache_pressure; |
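Review bot: d_is_su() matches on the name alone: any dentry whose d_name is exactly the two bytes "su" returns true, whatever directory or filesystem it sits in, so callers will treat unrelated files called su the same way and the check is not tied to the actual su binary. Please add a comment above the helper stating that it is a name-only test and what callers are expected to combine it with (parent directory, inode, or mount). The helper also reads dentry->d_name.len and d_name.name with no locking visible here, so the comment should say what the caller must hold against a concurrent rename. Minor style point: a blank line is missing between the closing brace of d_is_su() and the extern int sysctl_vfs_cache_pressure declaration.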