lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHC9VhQTD86Y9ryGNkVKsChJ573GAka_gBuTgXR8q5OpV-zMbw@mail.gmail.com>
Date:   Wed, 13 Oct 2021 17:15:28 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Gaosheng Cui <cuigaosheng1@...wei.com>
Cc:     Eric Paris <eparis@...hat.com>, linux-audit@...hat.com,
        linux-kernel@...r.kernel.org, xiujianfeng@...wei.com,
        wangweiyang2@...wei.com
Subject: Re: [PATCH -next,v2 2/2] audit: return early if the rule has a lower priority

On Wed, Oct 13, 2021 at 5:10 AM Gaosheng Cui <cuigaosheng1@...wei.com> wrote:
>
> It is not necessary for audit_filter_rules() functions to check
> audit fileds of the rule with a lower priority, and if we did,
> there might be some unintended effects, such as the ctx->ppid
> may be changed unexpectedly, so return early if the rule has
> a lower priority.
>
> Signed-off-by: Gaosheng Cui <cuigaosheng1@...wei.com>
> ---
>  kernel/auditsc.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Thanks for this patch, it looks reasonable to me but have you done any
testing with this patch?  If so, what have you done?

As a FYI, the audit-testsuite project lives here:
* https://github.com/linux-audit/audit-testsuite

> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 42d4a4320526..b517947bfa48 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk,
>         u32 sid;
>         unsigned int sessionid;
>
> +       if (ctx && rule->prio <= ctx->prio)
> +               return 0;
> +
>         cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation);
>
>         for (i = 0; i < rule->field_count; i++) {
> @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk,
>         }
>
>         if (ctx) {
> -               if (rule->prio <= ctx->prio)
> -                       return 0;
>                 if (rule->filterkey) {
>                         kfree(ctx->filterkey);
>                         ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC);
> --
> 2.30.0

-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ