Commit 18e6756a authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'audit.b32' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

* 'audit.b32' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
  [PATCH] message types updated
  [PATCH] name_count array overrun
  [PATCH] PPID filtering fix
  [PATCH] arch filter lists with < or > should not be accepted
parents a0a00cbf c8e649ba
...@@ -75,7 +75,7 @@ ...@@ -75,7 +75,7 @@
#define AUDIT_DAEMON_CONFIG 1203 /* Daemon config change */ #define AUDIT_DAEMON_CONFIG 1203 /* Daemon config change */
#define AUDIT_SYSCALL 1300 /* Syscall event */ #define AUDIT_SYSCALL 1300 /* Syscall event */
#define AUDIT_FS_WATCH 1301 /* Filesystem watch event */ /* #define AUDIT_FS_WATCH 1301 * Deprecated */
#define AUDIT_PATH 1302 /* Filename path information */ #define AUDIT_PATH 1302 /* Filename path information */
#define AUDIT_IPC 1303 /* IPC record */ #define AUDIT_IPC 1303 /* IPC record */
#define AUDIT_SOCKETCALL 1304 /* sys_socketcall arguments */ #define AUDIT_SOCKETCALL 1304 /* sys_socketcall arguments */
...@@ -88,6 +88,7 @@ ...@@ -88,6 +88,7 @@
#define AUDIT_MQ_SENDRECV 1313 /* POSIX MQ send/receive record type */ #define AUDIT_MQ_SENDRECV 1313 /* POSIX MQ send/receive record type */
#define AUDIT_MQ_NOTIFY 1314 /* POSIX MQ notify record type */ #define AUDIT_MQ_NOTIFY 1314 /* POSIX MQ notify record type */
#define AUDIT_MQ_GETSETATTR 1315 /* POSIX MQ get/set attribute record type */ #define AUDIT_MQ_GETSETATTR 1315 /* POSIX MQ get/set attribute record type */
#define AUDIT_KERNEL_OTHER 1316 /* For use by 3rd party modules */
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
......
...@@ -411,7 +411,6 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) ...@@ -411,7 +411,6 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
case AUDIT_FSGID: case AUDIT_FSGID:
case AUDIT_LOGINUID: case AUDIT_LOGINUID:
case AUDIT_PERS: case AUDIT_PERS:
case AUDIT_ARCH:
case AUDIT_MSGTYPE: case AUDIT_MSGTYPE:
case AUDIT_PPID: case AUDIT_PPID:
case AUDIT_DEVMAJOR: case AUDIT_DEVMAJOR:
...@@ -423,6 +422,14 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) ...@@ -423,6 +422,14 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
case AUDIT_ARG2: case AUDIT_ARG2:
case AUDIT_ARG3: case AUDIT_ARG3:
break; break;
/* arch is only allowed to be = or != */
case AUDIT_ARCH:
if ((f->op != AUDIT_NOT_EQUAL) && (f->op != AUDIT_EQUAL)
&& (f->op != AUDIT_NEGATE) && (f->op)) {
err = -EINVAL;
goto exit_free;
}
break;
case AUDIT_PERM: case AUDIT_PERM:
if (f->val & ~15) if (f->val & ~15)
goto exit_free; goto exit_free;
......
...@@ -278,8 +278,11 @@ static int audit_filter_rules(struct task_struct *tsk, ...@@ -278,8 +278,11 @@ static int audit_filter_rules(struct task_struct *tsk,
result = audit_comparator(tsk->pid, f->op, f->val); result = audit_comparator(tsk->pid, f->op, f->val);
break; break;
case AUDIT_PPID: case AUDIT_PPID:
if (ctx) if (ctx) {
if (!ctx->ppid)
ctx->ppid = sys_getppid();
result = audit_comparator(ctx->ppid, f->op, f->val); result = audit_comparator(ctx->ppid, f->op, f->val);
}
break; break;
case AUDIT_UID: case AUDIT_UID:
result = audit_comparator(tsk->uid, f->op, f->val); result = audit_comparator(tsk->uid, f->op, f->val);
...@@ -795,7 +798,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts ...@@ -795,7 +798,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
/* tsk == current */ /* tsk == current */
context->pid = tsk->pid; context->pid = tsk->pid;
context->ppid = sys_getppid(); /* sic. tsk == current in all cases */ if (!context->ppid)
context->ppid = sys_getppid();
context->uid = tsk->uid; context->uid = tsk->uid;
context->gid = tsk->gid; context->gid = tsk->gid;
context->euid = tsk->euid; context->euid = tsk->euid;
...@@ -1137,6 +1141,7 @@ void audit_syscall_entry(int arch, int major, ...@@ -1137,6 +1141,7 @@ void audit_syscall_entry(int arch, int major,
context->ctime = CURRENT_TIME; context->ctime = CURRENT_TIME;
context->in_syscall = 1; context->in_syscall = 1;
context->auditable = !!(state == AUDIT_RECORD_CONTEXT); context->auditable = !!(state == AUDIT_RECORD_CONTEXT);
context->ppid = 0;
} }
/** /**
...@@ -1352,7 +1357,13 @@ void __audit_inode_child(const char *dname, const struct inode *inode, ...@@ -1352,7 +1357,13 @@ void __audit_inode_child(const char *dname, const struct inode *inode,
} }
update_context: update_context:
idx = context->name_count++; idx = context->name_count;
if (context->name_count == AUDIT_NAMES) {
printk(KERN_DEBUG "name_count maxed and losing %s\n",
found_name ?: "(null)");
return;
}
context->name_count++;
#if AUDIT_DEBUG #if AUDIT_DEBUG
context->ino_count++; context->ino_count++;
#endif #endif
...@@ -1370,7 +1381,16 @@ void __audit_inode_child(const char *dname, const struct inode *inode, ...@@ -1370,7 +1381,16 @@ void __audit_inode_child(const char *dname, const struct inode *inode,
/* A parent was not found in audit_names, so copy the inode data for the /* A parent was not found in audit_names, so copy the inode data for the
* provided parent. */ * provided parent. */
if (!found_name) { if (!found_name) {
idx = context->name_count++; idx = context->name_count;
if (context->name_count == AUDIT_NAMES) {
printk(KERN_DEBUG
"name_count maxed and losing parent inode data: dev=%02x:%02x, inode=%lu",
MAJOR(parent->i_sb->s_dev),
MINOR(parent->i_sb->s_dev),
parent->i_ino);
return;
}
context->name_count++;
#if AUDIT_DEBUG #if AUDIT_DEBUG
context->ino_count++; context->ino_count++;
#endif #endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment