[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070605163915.e9cc7bc8.akpm@linux-foundation.org>
Date: Tue, 5 Jun 2007 16:39:15 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc: linux-kernel@...r.kernel.org, parisc-linux@...ts.parisc-linux.org,
linux-mm@...ck.org, linux-arch@...r.kernel.org,
Ollie Wild <aaw@...gle.com>, Ingo Molnar <mingo@...e.hu>,
Andi Kleen <ak@...e.de>, linux-audit@...hat.com
Subject: Re: [PATCH 2/4] audit: rework execve audit
On Tue, 05 Jun 2007 17:05:25 +0200
Peter Zijlstra <a.p.zijlstra@...llo.nl> wrote:
> The purpose of audit_bprm() is to log the argv array to a userspace daemon at
> the end of the execve system call. Since user-space hasn't had time to run,
> this array is still in pristine state on the process' stack; so no need to copy
> it, we can just grab it from there.
>
> In order to minimize the damage to audit_log_*() copy each string into a
> temporary kernel buffer first.
>
> Currently the audit code requires that the full argument vector fits in a
> single packet. So currently it does clip the argv size to a (sysctl) limit, but
> only when execve auditing is enabled.
>
> If the audit protocol gets extended to allow for multiple packets this check
> can be removed.
>
> ...
>
Please try to avoid trigger-happiness with the BUG_ON()s..
> struct audit_aux_data_socketcall {
> @@ -834,6 +834,47 @@ static int audit_log_pid_context(struct
> return rc;
> }
>
> +static void audit_log_execve_info(struct audit_buffer *ab,
> + struct audit_aux_data_execve *axi)
> +{
> + int i;
> + long len;
> + const char __user *p = (const char __user *)axi->mm->arg_start;
> +
> + if (axi->mm != current->mm)
> + return; /* execve failed, no additional info */
> +
> + for (i = 0; i < axi->argc; i++, p += len) {
> + long ret;
> + char *tmp;
> +
> + len = strnlen_user(p, MAX_ARG_PAGES*PAGE_SIZE);
> + /*
> + * We just created this mm, if we can't find the strings
> + * we just copied in something is _very_ wrong.
> + */
> + BUG_ON(!len);
> +
> + tmp = kmalloc(len, GFP_KERNEL);
> + if (!tmp) {
> + audit_panic("out of memory for argv string\n");
> + break;
> + }
> +
> + ret = copy_from_user(tmp, p, len);
> + /*
> + * There is no reason for this copy to be short.
> + */
> + BUG_ON(ret);
You sure? What happens if another thread does munmap() in parallel?
I think I'll make this WARN_ON just out of principle.
> + audit_log_format(ab, "a%d=", i);
> + audit_log_untrustedstring(ab, tmp);
> + audit_log_format(ab, "\n");
> +
> + kfree(tmp);
> + }
> +}
> +
>
> ...
>
> ===================================================================
> --- linux-2.6-2.orig/fs/exec.c 2007-06-05 09:51:42.000000000 +0200
> +++ linux-2.6-2/fs/exec.c 2007-06-05 10:03:11.000000000 +0200
> @@ -1154,6 +1154,7 @@ int do_execve(char * filename,
> {
> struct linux_binprm *bprm;
> struct file *file;
> + unsigned long tmp;
> int retval;
> int i;
>
> @@ -1208,9 +1209,11 @@ int do_execve(char * filename,
> if (retval < 0)
> goto out;
>
> + tmp = bprm->p;
> retval = copy_strings(bprm->argc, argv, bprm);
> if (retval < 0)
> goto out;
> + bprm->argv_len = tmp - bprm->p;
--- a/include/linux/kernel.h~a
+++ a/include/linux/kernel.h
@@ -5,6 +5,8 @@
* 'kernel.h' contains some often-used function prototypes etc
*/
+#define tmp don't call your variables tmp!
+
#ifdef __KERNEL__
#include <stdarg.h>
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists