- 14 1月, 2014 4 次提交
-
-
由 Richard Guy Briggs 提交于
Convert audit from only listening in init_net to use register_pernet_subsys() to dynamically manage the netlink socket list. Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
When being refactored from audit_log_start() to audit_log_task_info(), in commit e23eb920 the tty and ses fields in the log output got transposed. Restore to original order to avoid breaking search tools. Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
Normally, netlink ports use the PID of the userspace process as the port ID. If the PID is already in use by a port, the kernel will allocate another port ID to avoid conflict. Re-name all references to netlink ports from pid to portid to reflect this reality and avoid confusion with actual PIDs. Ports use the __u32 type, so re-type all portids accordingly. (This patch is very similar to ebiederman's 5deadd69) Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric W. Biederman 提交于
- Always report the current process as capset now always only works on the current process. This prevents reporting 0 or a random pid in a random pid namespace. - Don't bother to pass the pid as is available. Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com> (cherry picked from commit bcc85f0af31af123e32858069eb2ad8f39f90e67) (cherry picked from commit f911cac4556a7a23e0b3ea850233d13b32328692) Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> [eparis: fix build error when audit disabled] Signed-off-by: NEric Paris <eparis@redhat.com>
-
- 23 11月, 2013 1 次提交
-
-
由 Eric Paris 提交于
Linux 3.12 Conflicts: fs/exec.c
-
- 07 11月, 2013 1 次提交
-
-
由 Eric Paris 提交于
sfr pointed out that with CONFIG_UIDGID_STRICT_TYPE_CHECKS set the audit tree would not build. This is because the oldsessionid in audit_set_loginuid() was accidentally being declared as a kuid_t. This patch fixes that declaration mistake. Example of problem: kernel/auditsc.c: In function 'audit_set_loginuid': kernel/auditsc.c:2003:15: error: incompatible types when assigning to type 'kuid_t' from type 'int' oldsessionid = audit_get_sessionid(current); Reported-by: NStephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: NEric Paris <eparis@redhat.com>
-
- 06 11月, 2013 27 次提交
-
-
由 Richard Guy Briggs 提交于
Move the audit_bprm() call from search_binary_handler() to exec_binprm(). This allows us to get rid of the mm member of struct audit_aux_data_execve since bprm->mm will equal current->mm. This also mitigates the issue that ->argc could be modified by the load_binary() call in search_binary_handler(). audit_bprm() was being called to add an AUDIT_EXECVE record to the audit context every time search_binary_handler() was recursively called. Only one reference is necessary. Reported-by: NOleg Nesterov <onestero@redhat.com> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com> --- This patch is against 3.11, but was developed on Oleg's post-3.11 patches that introduce exec_binprm().
-
由 Richard Guy Briggs 提交于
audit_bprm() was being called to add an AUDIT_EXECVE record to the audit context every time search_binary_handler() was recursively called. Only one reference is necessary, so just update it. Move the the contents of audit_aux_data_execve into the union in audit_context, removing dependence on a kmalloc along the way. Reported-by: NOleg Nesterov <onestero@redhat.com> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
Get rid of write-only audit_aux_data_exeve structure member envc. Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric W. Biederman 提交于
Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com> (cherry picked from ebiederman commit 6904431d6b41190e42d6b94430b67cb4e7e6a4b7) Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
commit ab61d38e tried to merge the invalid filter checking into a single function. However AUDIT_INODE filters were not verified in the new generic checker. Thus such rules were being denied even though they were perfectly valid. Ex: $ auditctl -a exit,always -F arch=b64 -S open -F key=/foo -F inode=6955 -F devmajor=9 -F devminor=1 Error sending add rule data request (Invalid argument) Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
Supress the stock memory allocation failure warnings for audit buffers since audit alreay takes care of memory allocation failure warnings, including rate-limiting, in audit_log_start(). Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Jeff Layton 提交于
...to make it clear what the intent behind each record's operation was. In many cases you can infer this, based on the context of the syscall and the result. In other cases it's not so obvious. For instance, in the case where you have a file being renamed over another, you'll have two different records with the same filename but different inode info. By logging this information we can clearly tell which one was created and which was deleted. This fixes what was broken in commit bfcec708. Commit 79f6530c should also be backported to stable v3.7+. Signed-off-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Jeff Layton 提交于
Historically, when a syscall that creates a dentry fails, you get an audit record that looks something like this (when trying to create a file named "new" in "/tmp/tmp.SxiLnCcv63"): type=PATH msg=audit(1366128956.279:965): item=0 name="/tmp/tmp.SxiLnCcv63/new" inode=2138308 dev=fd:02 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:user_tmp_t:s15:c0.c1023 This record makes no sense since it's associating the inode information for "/tmp/tmp.SxiLnCcv63" with the path "/tmp/tmp.SxiLnCcv63/new". The recent patch I posted to fix the audit_inode call in do_last fixes this, by making it look more like this: type=PATH msg=audit(1366128765.989:13875): item=0 name="/tmp/tmp.DJ1O8V3e4f/" inode=141 dev=fd:02 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:user_tmp_t:s15:c0.c1023 While this is more correct, if the creation of the file fails, then we have no record of the filename that the user tried to create. This patch adds a call to audit_inode_child to may_create. This creates an AUDIT_TYPE_CHILD_CREATE record that will sit in place until the create succeeds. When and if the create does succeed, then this record will be updated with the correct inode info from the create. This fixes what was broken in commit bfcec708. Commit 79f6530c should also be backported to stable v3.7+. Signed-off-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
In send/GET, we don't want the kernel to lie about what value is set. Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Mathias Krause 提交于
Using the nlmsg_len member of the netlink header to test if the message is valid is wrong as it includes the size of the netlink header itself. Thereby allowing to send short netlink messages that pass those checks. Use nlmsg_len() instead to test for the right message length. The result of nlmsg_len() is guaranteed to be non-negative as the netlink message already passed the checks of nlmsg_ok(). Also switch to min_t() to please checkpatch.pl. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: stable@vger.kernel.org # v2.6.6+ for the 1st hunk, v2.6.23+ for the 2nd Signed-off-by: NMathias Krause <minipli@googlemail.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
We currently are setting fields to 0 to initialize the structure declared on the stack. This is a bad idea as if the structure has holes or unpacked space these will not be initialized. Just use memset. This is not a performance critical section of code. Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Mathias Krause 提交于
We leak 4 bytes of kernel stack in response to an AUDIT_GET request as we miss to initialize the mask member of status_set. Fix that. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: stable@vger.kernel.org # v2.6.6+ Signed-off-by: NMathias Krause <minipli@googlemail.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
It appears this one comparison function got missed in f368c07d (and 9c937dcc). Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
This adds a new 'audit_feature' bit which allows userspace to set it such that the loginuid is absolutely immutable, even if you have CAP_AUDIT_CONTROL. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
This is a new audit feature which only grants processes with CAP_AUDIT_CONTROL the ability to unset their loginuid. They cannot directly set it from a valid uid to another valid uid. The ability to unset the loginuid is nice because a priviledged task, like that of container creation, can unset the loginuid and then priv is not needed inside the container when a login daemon needs to set the loginuid. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid. This would allow a child of that task to set their loginuid without CAP_AUDIT_CONTROL. Thus when launching a new login daemon, a priviledged helper would be able to unset the loginuid and then the daemon, which may be malicious user facing, do not need priv to function correctly. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
After trying to use this feature in Fedora we found the hard coding policy like this into the kernel was a bad idea. Surprise surprise. We ran into these problems because it was impossible to launch a container as a logged in user and run a login daemon inside that container. This reverts back to the old behavior before this option was added. The option will be re-added in a userspace selectable manor such that userspace can choose when it is and when it is not appropriate. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
This is just a code rework. It makes things more readable. It does not make any functional changes. It does change the log messages to include both the old session id as well the new and it includes a new res field, which means we get messages even when the user did not have permission to change the loginuid. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
We use the read check to get the feature set (like AUDIT_GET) and the write check to set the features (like AUDIT_SET). Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Eric Paris 提交于
The audit_status structure was not designed with extensibility in mind. Define a new AUDIT_SET_FEATURE message type which takes a new structure of bits where things can be enabled/disabled/locked one at a time. This structure should be able to grow in the future while maintaining forward and backward compatibility (based loosly on the ideas from capabilities and prctl) This does not actually add any features, but is just infrastructure to allow new on/off types of audit system features. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
SFR reported this 2013-05-15: > After merging the final tree, today's linux-next build (i386 defconfig) > produced this warning: > > kernel/auditfilter.c: In function 'audit_data_to_entry': > kernel/auditfilter.c:426:3: warning: this decimal constant is unsigned only > in ISO C90 [enabled by default] > > Introduced by commit 780a7654 ("audit: Make testing for a valid > loginuid explicit") from Linus' tree. Replace this decimal constant in the code with a macro to make it more readable (add to the unsigned cast to quiet the warning). Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Tyler Hicks 提交于
When the audit=1 kernel parameter is absent and auditd is not running, AUDIT_USER_AVC messages are being silently discarded. AUDIT_USER_AVC messages should be sent to userspace using printk(), as mentioned in the commit message of 4a4cd633 ("AUDIT: Optimise the audit-disabled case for discarding user messages"). When audit_enabled is 0, audit_receive_msg() discards all user messages except for AUDIT_USER_AVC messages. However, audit_log_common_recv_msg() refuses to allocate an audit_buffer if audit_enabled is 0. The fix is to special case AUDIT_USER_AVC messages in both functions. It looks like commit 50397bd1 ("[AUDIT] clean up audit_receive_msg()") introduced this bug. Cc: <stable@kernel.org> # v2.6.25+ Signed-off-by: NTyler Hicks <tyhicks@canonical.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: linux-audit@redhat.com Acked-by: NKees Cook <keescook@chromium.org> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Oleg Nesterov 提交于
If audit_filter_task() nacks the new thread it makes sense to clear TIF_SYSCALL_AUDIT which can be copied from parent by dup_task_struct(). A wrong TIF_SYSCALL_AUDIT is not really bad but it triggers the "slow" audit paths in entry.S to ensure the task can not miss audit_syscall_*() calls, this is pointless if the task has no ->audit_context. Signed-off-by: NOleg Nesterov <oleg@redhat.com> Acked-by: NSteve Grubb <sgrubb@redhat.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Gao feng 提交于
Remove it. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
A newline was accidentally added during session ID helper refactorization in commit 4d3fb709. This needlessly uses up buffer space, messes up syslog formatting and makes userspace processing less efficient. Remove it. Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Ilya V. Matveychikov 提交于
Signed-off-by: NIlya V. Matveychikov <matvejchikov@gmail.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
由 Richard Guy Briggs 提交于
Messages of type AUDIT_USER_TTY were being formatted to 1024 octets, truncating messages approaching MAX_AUDIT_MESSAGE_LENGTH (8970 octets). Set the formatting to 8560 characters, given maximum estimates for prefix and suffix budgets. See the problem discussion: https://www.redhat.com/archives/linux-audit/2009-January/msg00030.html And the new size rationale: https://www.redhat.com/archives/linux-audit/2013-September/msg00016.html Test ~8k messages with: auditctl -m "$(for i in $(seq -w 001 820);do echo -n "${i}0______";done)" Reported-by: NLC Bruzenak <lenny@magitekltd.com> Reported-by: NJustin Stephenson <jstephen@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NEric Paris <eparis@redhat.com>
-
- 04 11月, 2013 3 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.linux-mips.org/pub/scm/ralf/upstream-linus由 Linus Torvalds 提交于
Pull MIPS fixes from Ralf Baechle: "Three fixes across arch/mips with the most complex one being the GIC interrupt fix - at nine lines still not monster. I'm confident this are the final MIPS patches even if there should go for an rc8" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: ralink: fix return value check in rt_timer_probe() MIPS: malta: Fix GIC interrupt offsets MIPS: Perf: Fix 74K cache map
-
由 Mathias Krause 提交于
Negative message lengths make no sense -- so don't do negative queue lenghts or identifier counts. Prevent them from getting negative. Also change the underlying data types to be unsigned to avoid hairy surprises with sign extensions in cases where those variables get evaluated in unsigned expressions with bigger data types, e.g size_t. In case a user still wants to have "unlimited" sizes she could just use INT_MAX instead. Signed-off-by: NMathias Krause <minipli@googlemail.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 03 11月, 2013 2 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux由 Linus Torvalds 提交于
Pull ARM kallsyms fix from Rusty Russell: "Last minute perf unbreakage for ARM modules; spent a day in linux-next" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: scripts/kallsyms: filter symbols not in kernel address space
-
由 Vineet Gupta 提交于
A vmalloc fault needs to sync up PGD/PTE entry from init_mm to current task's "active_mm". ARC vmalloc fault handler however was using mm. A vmalloc fault for non user task context (actually pre-userland, from init thread's open for /dev/console) caused the handler to deref NULL mm (for mm->pgd) The reasons it worked so far is amazing: 1. By default (!SMP), vmalloc fault handler uses a cached value of PGD. In SMP that MMU register is repurposed hence need for mm pointer deref. 2. In pre-3.12 SMP kernel, the problem triggering vmalloc didn't exist in pre-userland code path - it was introduced with commit 20bafb3d "n_tty: Move buffers into n_tty_data" Signed-off-by: NVineet Gupta <vgupta@synopsys.com> Cc: Gilad Ben-Yossef <gilad@benyossef.com> Cc: Noam Camus <noamc@ezchip.com> Cc: stable@vger.kernel.org #3.10 and 3.11 Cc: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 02 11月, 2013 2 次提交
-
-
由 Ming Lei 提交于
This patch uses CONFIG_PAGE_OFFSET to filter symbols which are not in kernel address space because these symbols are generally for generating code purpose and can't be run at kernel mode, so we needn't keep them in /proc/kallsyms. For example, on ARM there are some symbols which may be linked in relocatable code section, then perf can't parse symbols any more from /proc/kallsyms, this patch fixes the problem (introduced b9b32bf7) Cc: Russell King <linux@arm.linux.org.uk> Cc: linux-arm-kernel@lists.infradead.org Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: NMing Lei <tom.leiming@gmail.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> Cc: stable@vger.kernel.org
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull perf fixes from Ingo Molnar: "Two fixes: - Fix 'NMI handler took too long to run' false positives [ Genuine NMI overhead speedups will come for v3.13, this commit only fixes a measurement bug ] - Fix perf ring-buffer missed barrier causing (rare) ring-buffer data corruption on ppc64" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86: Fix NMI measurements perf: Fix perf ring buffer memory ordering
-