| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210331205639.GA4972@salvia>
Date: Wed, 31 Mar 2021 22:56:39 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Richard Guy Briggs <rgb@...hat.com>
Cc: Linux-Audit Mailing List <linux-audit@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
netfilter-devel@...r.kernel.org, Paul Moore <paul@...l-moore.com>,
Eric Paris <eparis@...isplace.org>,
Steve Grubb <sgrubb@...hat.com>,
Florian Westphal <fw@...len.de>, Phil Sutter <phil@....cc>,
twoerner@...hat.com, tgraf@...radead.org, dan.carpenter@...cle.com,
Jones Desougi <jones.desougi+netfilter@...il.com>
Subject: Re: [PATCH v5] audit: log nftables configuration change events once
per table
On Wed, Mar 31, 2021 at 04:53:10PM -0400, Richard Guy Briggs wrote:
> On 2021-03-31 22:22, Pablo Neira Ayuso wrote:
> > On Fri, Mar 26, 2021 at 01:38:59PM -0400, Richard Guy Briggs wrote:
> > > Reduce logging of nftables events to a level similar to iptables.
> > > Restore the table field to list the table, adding the generation.
> > >
> > > Indicate the op as the most significant operation in the event.
> >
> > There's a UAF, Florian reported. I'm attaching an incremental fix.
> >
> > nf_tables_commit_audit_collect() refers to the trans object which
> > might have been already released.
>
> Got it. Thanks Pablo. I didn't see it when running nft-test.py Where
> was it reported?
CONFIG_KASAN.
> Here I tried to stay out of the way by putting that
> call at the end of the loop but that was obviously a mistake in
> hindsight. :-)
No problem, I'll squash this incremental fix into your audit patch.
Powered by blists - more mailing lists