| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Jun 2014 20:02:58 -0400 From: Richard Guy Briggs <rgb@...hat.com> To: Mimi Zohar <zohar@...ux.vnet.ibm.com> Cc: linux-ima-user <linux-ima-user@...ts.sourceforge.net>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-audit@...hat.com Subject: Re: oraphaned keywords in audit log text [was: Re: [PATCH] integrity: get comm using lock to avoid race in string] printing On 14/04/02, Richard Guy Briggs wrote: > On 14/04/02, Mimi Zohar wrote: > > On Wed, 2014-04-02 at 14:18 -0400, Eric Paris wrote: > > > On Wed, 2014-04-02 at 14:12 -0400, Mimi Zohar wrote: > > > > On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb wrote: > > > > > Hello Mimi, > > > > > > > > > > On Wednesday, April 02, 2014 01:39:47 PM Mimi Zohar wrote: > > > > > > This change is already being upstreamed as commit 73a6b44 "Integrity: > > > > > > Pass commname via get_task_comm()". > > > > > > > > > > While I was looking at Richard's patch, I noticed a few places where cause and > > > > > op are logged and the string isn't tied together with a _ or -. These are in > > > > > ima/ima_appraise.c line 383, and ima/ima_policy.c lines 333, 657, and 683. Are > > > > > these fixed upstream? Or should a patch be made? > > > > > > > > Nothing has changed in terms of 'cause' and 'op'. I would suggest > > > > making the changes in integrity_audit.c: integrity_audit_msg(). > > That function could massage incoming text fields and convert spaces to > hyphens or underscores, but I'd assume the right place to do it would be > in the original text. If you suggest the former, it could just be done > in audit_log_string(), but then grepping the source for error messages > would not be nearly as useful. Is this what you were suggesting? > > > > The question is actually, do you know of anyone who is expecting the > > > space, instead of a more 'audit standard' - or _ ? If not, we'll change > > > it. If so, we'll discuss more :) > > > > CC'ing linux-ima-user as well. > > Thanks. Was there any response from linux-ima-user? > > Mimi > > - RGB - RGB -- Richard Guy Briggs <rbriggs@...hat.com> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists