| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhRU-Qss41CnV3mE32tXmZ3FQpy++t4yPUkh9CjuAzxYCA@mail.gmail.com>
Date: Thu, 3 Jan 2019 15:10:31 -0500
From: Paul Moore <paul@...l-moore.com>
To: Richard Guy Briggs <rgb@...hat.com>
Cc: containers@...ts.linux-foundation.org, linux-api@...r.kernel.org,
linux-audit@...hat.com, linux-kernel@...r.kernel.org,
ebiederm@...ssion.com, luto@...nel.org, dhowells@...hat.com,
viro@...iv.linux.org.uk, simo@...hat.com,
Eric Paris <eparis@...isplace.org>,
Serge Hallyn <serge@...lyn.com>
Subject: Re: [PATCH ghak90 (was ghak32) V4 01/10] audit: collect audit task parameters
On Thu, Nov 1, 2018 at 6:07 PM Richard Guy Briggs <rgb@...hat.com> wrote:
> On 2018-10-19 19:15, Paul Moore wrote:
> > On Sun, Aug 5, 2018 at 4:32 AM Richard Guy Briggs
<rgb@...hat.com> wrote:
> > > The audit-related parameters in struct task_struct
should ideally be
> > > collected together and accessed through a standard audit API.
> > >
> > > Collect the existing loginuid, sessionid and
audit_context together in a
> > > new struct audit_task_info called "audit" in struct task_struct.
> > >
> > > Use kmem_cache to manage this pool of memory.
> > > Un-inline audit_free() to be able to always recover that memory.
> > >
> > > See: https://github.com/linux-audit/audit-kernel/issues/81
> > >
> > > Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> > > ---
> > > include/linux/audit.h | 34 ++++++++++++++++++++++++----------
> > > include/linux/sched.h | 5 +----
> > > init/init_task.c | 3 +--
> > > init/main.c | 2 ++
> > > kernel/auditsc.c | 51
++++++++++++++++++++++++++++++++++++++++++---------
> > > kernel/fork.c | 4 +++-
> > > 6 files changed, 73 insertions(+), 26 deletions(-)
> >
> > ...
> >
> > > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > > index 87bf02d..e117272 100644
> > > --- a/include/linux/sched.h
> > > +++ b/include/linux/sched.h
> > > @@ -873,10 +872,8 @@ struct task_struct {
> > >
> > > struct callback_head *task_works;
> > >
> > > - struct audit_context *audit_context;
> > > #ifdef CONFIG_AUDITSYSCALL
> > > - kuid_t loginuid;
> > > - unsigned int sessionid;
> > > + struct audit_task_info *audit;
> > > #endif
> > > struct seccomp seccomp;
> >
> > Prior to this patch audit_context was available regardless of
> > CONFIG_AUDITSYSCALL, after this patch the corresponding audit_context
> > is only available when CONFIG_AUDITSYSCALL is defined.
>
> This was intentional since audit_context is not used when AUDITSYSCALL is
> disabled. audit_alloc() was stubbed in that case to return 0.
audit_context()
> returned NULL.
>
> The fact that audit_context was still present in struct task_struct was an
> oversight in the two patches already accepted:
> ("audit: use inline function to get audit context")
> ("audit: use inline function to get audit context")
> that failed to hide or remove it from struct task_struct when it
was no longer
> relevant.
Okay, in that case let's pull this out and fix this separately from
the audit container ID patchset.
> On further digging, loginuid and sessionid (and
audit_log_session_info) should
> be part of CONFIG_AUDIT scope and not CONFIG_AUDITSYSCALL since
it is used in
> CONFIG_CHANGE, ANOM_LINK, FEATURE_CHANGE(, INTEGRITY_RULE), none
of which are
> otherwise dependent on AUDITSYSCALL.
This looks like something else we should fix independently from this patchset.
> Looking ahead, contid should be treated like loginuid and
sessionid, which are
> currently only available when syscall auditting is.
That seems reasonable. Eventually it would be great if we got rid of
CONFIG_AUDITSYSCALL, but that is a separate issue, and something that
is going to require work from the different arch/ABI folks to ensure
everything is working properly.
> Converting records from standalone to syscall and checking
audit_dummy_context
> changes the nature of CONFIG_AUDIT/!CONFIG_AUDITSYSCALL separation.
> eg: ANOM_LINK accompanied by PATH record (which needed CWD addition to be
> complete anyways)
>
> > > diff --git a/init/main.c b/init/main.c
> > > index 3b4ada1..6aba171 100644
> > > --- a/init/main.c
> > > +++ b/init/main.c
> > > @@ -92,6 +92,7 @@
> > > #include <linux rodata_test.h="">
> > > #include <linux jump_label.h="">
> > > #include <linux mem_encrypt.h="">
> > > +#include <linux audit.h="">
> > >
> > > #include <asm io.h="">
> > > #include <asm bugs.h="">
> > > @@ -721,6 +722,7 @@ asmlinkage __visible void __init
start_kernel(void)
> > > nsfs_init();
> > > cpuset_init();
> > > cgroup_init();
> > > + audit_task_init();
> > > taskstats_init_early();
> > > delayacct_init();
> >
> > It seems like we would need either init_struct_audit or
> > audit_task_init(), but not both, yes?
>
> One sets initial values of init task via an included struct,
other makes a call
> to create the kmem cache. Both seem appropriate to me unless we move the
> initialization from a struct to assignments in audit_task_init(),
but I'm not
> that comfortable separating the audit init values from the rest of the
> task_struct init task initializers (though there are other
subsystems that need
> to do so dynamically).
My original thinking was focused on the use of init_struct_audit as an
initializer when audit_task_init() was already creating a kmem_cache
pool and a zero'd/init'd audit_task_info could be obtained via the
usual kmem_cache functions. Alternatively, although I don't believe
it would be recommended for this case, would be to use
init_struct_audit as an init helper if we included the audit_task_info
struct directly in the task_struct, as opposed to a pointer. What I
missed was the simple fact that you're only using init_struct_audit
for the init_task, which pretty much makes my original question rather
silly :)
--
paul moore
www.paul-moore.com
Powered by blists - more mailing lists