lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 21 Mar 2018 04:47:58 -0400
From:   Richard Guy Briggs <rgb@...hat.com>
To:     Paul Moore <paul@...l-moore.com>
Cc:     Linux-Audit Mailing List <linux-audit@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Eric Paris <eparis@...hat.com>,
        Steve Grubb <sgrubb@...hat.com>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH ghak21 V3 2/2] audit: add refused symlink to audit_names

On 2018-03-20 16:11, Paul Moore wrote:
> On Wed, Mar 14, 2018 at 1:43 AM, Richard Guy Briggs <rgb@...hat.com> wrote:
> > Audit link denied events for symlinks had duplicate PATH records rather
> > than just updating the existing PATH record.  Update the symlink's PATH
> > record with the current dentry and inode information.
> >
> > See: https://github.com/linux-audit/audit-kernel/issues/21
> > Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> > ---
> >  fs/namei.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/fs/namei.c b/fs/namei.c
> > index 50d2533..00f5041 100644
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> > @@ -945,6 +945,7 @@ static inline int may_follow_link(struct nameidata *nd)
> >         if (nd->flags & LOOKUP_RCU)
> >                 return -ECHILD;
> >
> > +       audit_inode(nd->name, nd->stack[0].link.dentry, 0);
> >         audit_log_link_denied("follow_link", &nd->stack[0].link);
> 
> That's the one, right above this comment ...
> 
> Be honest, this never compiled did it?

As far as your view is concerned it wasn't.  It was compiled and tested,
but the fix ended up in the following patch in the branch that wasn't
included in this patchset so it effectively failed this bisection test.
The sample records were copied from the test and not cooked.  git add -p
and/or git rebase -i fumble.

> My confidence for these patches is really low right now, which is not
> good for something asking to go in at this stage in the -rcX
> development cycle.  There have been some delays due to review, so I'm
> willing to be a little flexible on timelines and accept stuff this
> week, but for the v4 patchset please provide before and after audit
> logs for both hard and soft links both where CWD is the same as the
> parent as well as different (eight logs total if I did the math
> right).  You can include them in the 0/2 patch as it's probably a bit
> much for the individual patches.

I'm very sorry to have wasted your time.  I know it is precious right now.

> >         return -EACCES;
> >  }
> 
> paul moore

- RGB

--
Richard Guy Briggs <rgb@...hat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ