lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 16 Oct 2021 16:02:13 +0800
From:   cuigaosheng <cuigaosheng1@...wei.com>
To:     Paul Moore <paul@...l-moore.com>
CC:     Eric Paris <eparis@...hat.com>, <linux-audit@...hat.com>,
        <linux-kernel@...r.kernel.org>, <xiujianfeng@...wei.com>,
        <wangweiyang2@...wei.com>
Subject: Re: [PATCH -next,v2 2/2] audit: return early if the rule has a lower
 priority

I have done some testing with this patch, we have some testsuites to 
verify the

function of audit, and i will test it with the audit-testsuite.

Thanks.

Gaosheng

在 2021/10/14 5:15, Paul Moore 写道:
> On Wed, Oct 13, 2021 at 5:10 AM Gaosheng Cui <cuigaosheng1@...wei.com> wrote:
>> It is not necessary for audit_filter_rules() functions to check
>> audit fileds of the rule with a lower priority, and if we did,
>> there might be some unintended effects, such as the ctx->ppid
>> may be changed unexpectedly, so return early if the rule has
>> a lower priority.
>>
>> Signed-off-by: Gaosheng Cui <cuigaosheng1@...wei.com>
>> ---
>>   kernel/auditsc.c | 5 +++--
>>   1 file changed, 3 insertions(+), 2 deletions(-)
> Thanks for this patch, it looks reasonable to me but have you done any
> testing with this patch?  If so, what have you done?
>
> As a FYI, the audit-testsuite project lives here:
> * https://github.com/linux-audit/audit-testsuite
>
>> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
>> index 42d4a4320526..b517947bfa48 100644
>> --- a/kernel/auditsc.c
>> +++ b/kernel/auditsc.c
>> @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk,
>>          u32 sid;
>>          unsigned int sessionid;
>>
>> +       if (ctx && rule->prio <= ctx->prio)
>> +               return 0;
>> +
>>          cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation);
>>
>>          for (i = 0; i < rule->field_count; i++) {
>> @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk,
>>          }
>>
>>          if (ctx) {
>> -               if (rule->prio <= ctx->prio)
>> -                       return 0;
>>                  if (rule->filterkey) {
>>                          kfree(ctx->filterkey);
>>                          ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC);
>> --
>> 2.30.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ