lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1368408162.929.17.camel@localhost>
Date:	Sun, 12 May 2013 21:22:42 -0400
From:	Eric Paris <eparis@...hat.com>
To:	Steve Grubb <sgrubb@...hat.com>
Cc:	linux-audit@...hat.com, Richard Guy Briggs <rgb@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Al Viro <viro@...iv.linux.org.uk>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [BZ905179] audit: omit check for uid and gid validity
 in audit rules and data

On Thu, 2013-05-09 at 09:29 -0400, Steve Grubb wrote:
> On Tuesday, April 16, 2013 03:38:23 PM Richard Guy Briggs wrote:
> > On Tue, Apr 09, 2013 at 02:39:32AM -0700, Eric W. Biederman wrote:
> > > Andrew Morton <akpm@...ux-foundation.org> writes:
> > > > On Wed, 20 Mar 2013 15:18:17 -0400 Richard Guy Briggs <rgb@...hat.com> 
> wrote:
> > > >> audit rule additions containing "-F auid!=4294967295" were failing with
> > > >> EINVAL.> 
> > > The only case where this appears to make the least little bit of sense
> > > is if the goal of the test is to test to see if an audit logloginuid
> > > has been set at all.  In which case depending on a test against
> > > 4294967295 is bogus because you are depending on an intimate internal
> > > kernel implementation detail.
> > > 
> > > How about something like my untested patch below that add an explicit
> > > operation to test if loginuid has been set?
> > 
> > Sorry for the delay in testing this, I had another urgent bug and a
> > belligerent test box...
> > 
> > I like this approach better than mine now that I understand it.  I've
> > tested the patch below without any changes.  It works as expected with
> > my previous test case.  I don't know if a Signed-off-by: is appropriate
> > for me in this case, but I'll throw in a:
> > 
> > Tested-by: Richard Guy Briggs <rbriggs@...hat.com>
> > 
> > and recommend a:
> > 
> > Reported-By: Steve Grubb <sbrubb@...hat.com>
> 
> If this is the approved patch, can it be put in stable? The audit system 
> hasn't worked as intended since January.

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/kernel/auditsc.c?id=780a7654cee8d61819512385e778e4827db4bfbc

Should be queued for 3.7 and later now.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ