TOMOYO Linux

ReleaseNoteA buffer overrun problem was discovered in ccs-patch-1.6.7-20090401.tar.gz ccs-patch-1.6.7-20090410.tar.gz ccs-patch-1.6.8-20090528.tar.gz when used with CONFIG_SLOB=y . Those who downloaded ccs-patch-1.6.7-20090401.tar.gz ... [More] ccs-patch-1.6.7-20090410.tar.gz ccs-patch-1.6.8-20090528.tar.gz , please update to ccs-patch-1.6.8-20100120.tar.gz ---------------------------------------- A severe memory consumption problem was discovered in ccs-patch-1.6.5-20081111.tar.gz . http://lists.sourceforge.jp/mailman/archives/tomoyo-users-en/2008-December/000011.html Those who downloaded ccs-patch-1.6.5-20081111.tar.gz , please update to ccs-patch-1.6.8-20100120.tar.gz . ChangeLogFix 2009/07/03 @ Fix buffer overrun when used with CONFIG_SLOB=y . Since 1.6.7 , ccs_allocate_execve_entry() was requesting for only 4000 bytes while the comment says it is 4096 bytes. This may lead to buffer overrun when slob allocator is used, for slob allocator allocates exactly 4000 bytes whereas slab and slub allocators allocate 4096 bytes. Fix 2009/09/25 @ Fix incorrect reference after ccs_try_alt_exec(). Since 1.6.0 , I forgot to update dentry/vfsmount reference inside ccs_try_alt_exec(). But this bug did not come out because nobody used old dentry/vfsmount after ccs_try_alt_exec(). Fix 2010/01/17 @ Use current domain's name for execute_handler audit log. Since 1.6.7 , /proc/ccs/grant_log was by error using next domain's name when auditing current domain's "execute_handler" line. @ Fix buffer contention. A permission like allow_env PATH if exec.envp["PATH"]="/" was not working since I was using the same buffer for both environment variable's name and value. Fix 2010/01/20 @ Use rcu_read_lock() for find_task_by_pid(). Since kernel 2.6.18 , caller of find_task_by_pid() needs to call rcu_read_lock() rather than read_lock(&tasklist_lock) because find_pid() uses RCU primitives but spinlock does not prevent RCU callback if preemptive RCU ( CONFIG_PREEMPT_RCU or CONFIG_TREE_PREEMPT_RCU ) is enabled. [Less]