Message-ID: <20150114210951.GO29998@madcap2.tricolour.ca>
Date:	Wed, 14 Jan 2015 16:09:51 -0500
From:	Richard Guy Briggs <rgb@...hat.com>
To:	Paul Moore <pmoore@...hat.com>
Cc:	linux-audit@...hat.com, viro@...iv.linux.org.uk,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 3/5] audit: enable filename recording via
 getname_kernel()

On 15/01/08, Paul Moore wrote:
> Enable recording of filenames in getname_kernel() and remove the
> kludgy workaround in __audit_inode() now that we have proper filename
> logging for kernel users.
> 
> Signed-off-by: Paul Moore <pmoore@...hat.com>

Reviewed-by: Richard Guy Briggs <rgb@...hat.com>

> ---
>  fs/namei.c       |    1 +
>  kernel/auditsc.c |   40 +++-------------------------------------
>  2 files changed, 4 insertions(+), 37 deletions(-)
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index c3d21b7..1c0d4c7 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -242,6 +242,7 @@ getname_kernel(const char * filename)
>  	strlcpy((char *)result->name, filename, len);
>  	result->uptr = NULL;
>  	result->aname = NULL;
> +	audit_getname(result);
>  
>  	return result;
>  }
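
Review bot: The new audit_getname(result) call at the end of getname_kernel() carries no comment, although the kernel/auditsc.c hunk in this same patch now depends on it: __audit_inode() stops making its own copy of the name and keeps the caller's pointer instead. A one-line comment above the call saying that kernel-originated names are now handed to audit here, just before "return result;", would make that dependency visible to anyone who later touches either function.
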
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 793e9e9..c967ffc 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1882,44 +1882,10 @@ out_alloc:
>  	n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
>  	if (!n)
>  		return;
> -	/* unfortunately, while we may have a path name to record with the
> -	 * inode, we can't always rely on the string lasting until the end of
> -	 * the syscall so we need to create our own copy, it may fail due to
> -	 * memory allocation issues, but we do our best */
> -	if (name) {
> -		/* we can't use getname_kernel() due to size limits */
> -		size_t len = strlen(name->name) + 1;
> -		struct filename *new = __getname();
> -
> -		if (unlikely(!new))
> -			goto out;
> +	if (name)
> +		/* no need to set ->name_put as the original will cleanup */
> +		n->name = name;
>  
> -		if (len <= (PATH_MAX - sizeof(*new))) {
> -			new->name = (char *)(new) + sizeof(*new);
> -			new->separate = false;
> -		} else if (len <= PATH_MAX) {
> -			/* this looks odd, but is due to final_putname() */
> -			struct filename *new2;
> -
> -			new2 = kmalloc(sizeof(*new2), GFP_KERNEL);
> -			if (unlikely(!new2)) {
> -				__putname(new);
> -				goto out;
> -			}
> -			new2->name = (char *)new;
> -			new2->separate = true;
> -			new = new2;
> -		} else {
> -			/* we should never get here, but let's be safe */
> -			__putname(new);
> -			goto out;
> -		}
> -		strlcpy((char *)new->name, name->name, len);
> -		new->uptr = NULL;
> -		new->aname = n;
> -		n->name = new;
> -		n->name_put = true;
> -	}
>  out:
>  	if (parent) {
>  		n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL;
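
Review bot: The replacement branch "if (name) n->name = name;" drops the copy, but the comment it removes gave a specific reason for that copy ("we can't always rely on the string lasting until the end of the syscall"), and the new comment, "no need to set ->name_put as the original will cleanup", does not say why that lifetime concern no longer applies. Please expand the comment to state what keeps the struct filename alive for as long as n->name points at it, for example by referring to the audit_getname() call this patch adds to getname_kernel(). As a style point, the body under the braceless "if (name)" is now a comment plus a statement on separate lines; braces around it would make the extent of the branch unambiguous.
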
> 
> --
> Linux-audit mailing list
> Linux-audit@...hat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs <rbriggs@...hat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545