lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20120220082223.GF30810@elte.hu>
Date:	Mon, 20 Feb 2012 09:22:23 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Kees Cook <keescook@...omium.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, Randy Dunlap <rdunlap@...otime.net>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH] fs: hardlink creation restrictions


* Kees Cook <keescook@...omium.org> wrote:

> >> +#ifdef CONFIG_AUDIT
> >> +     if (error) {
> >> +             struct audit_buffer *ab;
> >> +
> >> +             ab = audit_log_start(current->audit_context,
> >> +                                  GFP_KERNEL, AUDIT_AVC);
> >> +             audit_log_format(ab, "op=linkat action=denied");
> >> +             audit_log_format(ab, " pid=%d comm=", current->pid);
> >> +             audit_log_untrustedstring(ab, current->comm);
> >> +             audit_log_d_path(ab, " path=", old_path);
> >> +             audit_log_format(ab, " dev=");
> >> +             audit_log_untrustedstring(ab, inode->i_sb->s_id);
> >> +             audit_log_format(ab, " ino=%lu", inode->i_ino);
> >> +             audit_log_end(ab);
> >> +     }
> >> +#endif
> >
> > Small detail: don't these audit methods map to nothing on
> > !CONFIG_AUDIT, allowing the #ifdef to be dropped? (if not then
> > it should really be so.)
> 
> Ah-ha; a more careful look at audit.h agrees. :) I'll adjust 
> this as well.

Another detail, I'd also stick those logging lines into a 
separate inline function right before the linkat function, so 
that the logging details do not obscure the main flow of VFS 
logic:

	if (error)
		audit_log_linkat_denied(current, old_path, inode);

... or so. People reading this function won't be interested in 
the logging details 99.9% of the time.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ