lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Wed, 18 Jun 2014 22:23:45 -0400
From:	Richard Guy Briggs <rgb@...hat.com>
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	linux-audit@...hat.com, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-ima-user@...ts.sourceforge.net, Mimi Zohar <zohar@...ibm.com>
Subject: Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in
 integrity ima message output

On 14/06/17, Mimi Zohar wrote:
> On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
> > Replace spaces in op keyword labels in log output since userspace audit tools
> > can't parse orphaned keywords.
> 
> The patch didn't apply cleanly to linux-integrity/#next.  Please take a
> look at it (linux-integrity/#next-fixes).

Looks like just the change from "const char *op" to "static const char
op[]" in the context.  Looks fine to me.

> thanks,

Thanks Mimi.

> Mimi 
> 
> > Reported-by: Steve Grubb <sgrubb@...hat.com>
> > Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> > ---
> >  security/integrity/ima/ima_appraise.c |    2 +-
> >  security/integrity/ima/ima_policy.c   |    6 +++---
> >  2 files changed, 4 insertions(+), 4 deletions(-)
> > 
> > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> > index 734e946..61c95af 100644
> > --- a/security/integrity/ima/ima_appraise.c
> > +++ b/security/integrity/ima/ima_appraise.c
> > @@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
> >  		hash_start = 1;
> >  	case IMA_XATTR_DIGEST:
> >  		if (iint->flags & IMA_DIGSIG_REQUIRED) {
> > -			cause = "IMA signature required";
> > +			cause = "IMA-signature-required";
> >  			status = INTEGRITY_FAIL;
> >  			break;
> >  		}
> > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> > index a9c3d3c..dbdc528 100644
> > --- a/security/integrity/ima/ima_policy.c
> > +++ b/security/integrity/ima/ima_policy.c
> > @@ -330,7 +330,7 @@ void __init ima_init_policy(void)
> >  void ima_update_policy(void)
> >  {
> >  	const char *op = "policy_update";
> > -	const char *cause = "already exists";
> > +	const char *cause = "already-exists";
> >  	int result = 1;
> >  	int audit_info = 0;
> > 
> > @@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
> >  	/* Prevent installed policy from changing */
> >  	if (ima_rules != &ima_default_rules) {
> >  		integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> > -				    NULL, op, "already exists",
> > +				    NULL, op, "already-exists",
> >  				    -EACCES, audit_info);
> >  		return -EACCES;
> >  	}
> > @@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
> >  	if (result) {
> >  		kfree(entry);
> >  		integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> > -				    NULL, op, "invalid policy", result,
> > +				    NULL, op, "invalid-policy", result,
> >  				    audit_info);
> >  		return result;
> >  	}

- RGB

--
Richard Guy Briggs <rbriggs@...hat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists