  1. 06 Apr, 2009 9 commits
    • Audit: remove spaces from audit_log_d_path · def57543
      Eric Paris committed
      audit_log_d_path had spaces in the strings which would be emitted on the
      error paths.  This patch simply replaces those spaces with an _ or removes
      the needless spaces entirely.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • audit: audit_set_auditable defined but not used · 679173b7
      Eric Paris committed
      after 0590b933 audit_set_auditable() is now only
      used by the audit tree code.  If CONFIG_AUDIT_TREE is unset it will be defined
      but unused.  This patch simply moves the function inside a CONFIG_AUDIT_TREE
      block.
      
      cc1: warnings being treated as errors
      /home/acme_unencrypted/git/linux-2.6-tip/kernel/auditsc.c:745: error: ‘audit_set_auditable’ defined but not used
      make[2]: *** [kernel/auditsc.o] Error 1
      make[1]: *** [kernel] Error 2
      make[1]: *** Waiting for unfinished jobs....
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • audit: incorrect ref counting in audit tree tag_chunk · 318b6d3d
      Eric Paris committed
      tag_chunk has bad exit paths in which the inotify ref counting is wrong.
      At the top of the function we found &old_watch using inotify_find_watch().
      inotify_find_watch takes a reference to the watch.  This is never dropped
      on an error path.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • audit: Fix possible return value truncation in audit_get_context() · 6d208da8
      Paul Moore committed
      The audit subsystem treats syscall return codes as type long, unfortunately
      the audit_get_context() function mistakenly converts the return code to an
      int type in the parameters which could cause problems on systems where the
      sizeof(int) != sizeof(long).
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • audit: ignore terminating NUL in AUDIT_USER_TTY messages · 55ad2f8d
      Miloslav Trmac committed
      AUDIT_USER_TTY, like all other messages sent from user-space, is sent
      NUL-terminated.  Unlike other user-space audit messages, which come only
      from trusted sources, AUDIT_USER_TTY messages are processed using
      audit_log_n_untrustedstring().
      
      This patch modifies AUDIT_USER_TTY handling to ignore the trailing NUL
      and use the "quoted_string" representation of the message if possible.
      Signed-off-by: Miloslav Trmac <mitr@redhat.com>
      Cc: Eric Paris <eparis@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Steve Grubb <sgrubb@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • Audit: fix handling of 'strings' with NULL characters · b3897f56
      Miloslav Trmac committed
      Currently audit_log_n_untrustedstring() uses audit_string_contains_control()
      to check if the 'string' has any control characters.  If the 'string' has an
      embedded NULL audit_string_contains_control() will return that the data has
      no control characters and will then pass the string to audit_log_n_string
      with the total length, not the length up to the first NULL.
      audit_log_n_string() does a memcpy of the entire length and so the actual
      audit record emitted may then contain a NULL and then whatever random memory
      is after the NULL.
      
      Since we want to log the entire octet stream (if we can't trust the data
      to be a string we can't trust that a NULL isn't actually a part of it)
      we should just consider NULL as a control character.  If the caller is
      certain they want to stop at the first NULL they should be using
      audit_log_untrustedstring.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • make the e->rule.xxx shorter in kernel auditfilter.c · c28bb7da
      Zhenwen Xu committed
      make the e->rule.xxx shorter in kernel/auditfilter.c
      --
      ---------------------------------
      Zhenwen Xu - Open and Free
      Home Page:	http://zhwen.org
      My Studio:	http://dim4.cn
      
      >From 99692dc640b278f1cb1a15646ce42f22e89c0f77 Mon Sep 17 00:00:00 2001
      From: Zhenwen Xu <Helight.Xu@gmail.com>
      Date: Thu, 12 Mar 2009 22:04:59 +0800
      Subject: [PATCH] make the e->rule.xxx shorter in kernel/auditfilter.c
      Signed-off-by: Zhenwen Xu <Helight.Xu@gmail.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • auditsc: fix kernel-doc notation · 6b962559
      Randy Dunlap committed
      Fix auditsc kernel-doc notation:
      
      Warning(linux-2.6.28-git7//kernel/auditsc.c:2156): No description found for parameter 'attr'
      Warning(linux-2.6.28-git7//kernel/auditsc.c:2156): Excess function parameter 'u_attr' description in '__audit_mq_open'
      Warning(linux-2.6.28-git7//kernel/auditsc.c:2204): No description found for parameter 'notification'
      Warning(linux-2.6.28-git7//kernel/auditsc.c:2204): Excess function parameter 'u_notification' description in '__audit_mq_notify'
      Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
      cc:	Al Viro <viro@zeniv.linux.org.uk>
      cc:	Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • audit: EXECVE record - removed bogus newline · ca96a895
      Jiri Pirko committed
      (updated)
      Added hunk that changes the comment, the rest is the same.
      
      EXECVE records contain a newline after every argument. auditd converts
      "\n" to " " so you cannot see newlines even in raw logs, but they're
      there nevertheless. If you're not using auditd, you need to work round
      them. These '\n' chars can be easily replaced by spaces when
      creating record in kernel. Note there is no need for trailing '\n' in
      an audit record.
      
      record before this patch:
      "type=EXECVE msg=audit(1231421801.566:31): argc=4 a0=\"./test\"\na1=\"a\"\na2=\"b\"\na3=\"c\"\n"
      
      record after this patch:
      "type=EXECVE msg=audit(1231421801.566:31): argc=4 a0=\"./test\" a1=\"a\" a2=\"b\" a3=\"c\""
      Signed-off-by: Jiri Pirko <jpirko@redhat.com>
      Acked-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
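
The embedded-NUL problem described in commit b3897f56 above, as an added userspace model (not the kernel's code and not part of any commit listed here). The names `contains_control` and `log_untrusted`, the `stop_at_nul` flag, the printable-byte range and the sample buffer are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Control-character scan over an untrusted buffer. stop_at_nul=1 models the
 * pre-fix loop that ended at the first NUL; 0 models the fixed loop that
 * inspects all len bytes, so NUL counts as a control character.
 * The printable range used here is an assumption of this example. */
static int contains_control(const char *s, size_t len, int stop_at_nul)
{
    const unsigned char *p = (const unsigned char *)s, *end = p + len;
    for (; p < end; p++) {
        if (stop_at_nul && *p == 0)
            break;
        if (*p == '"' || *p < 0x21 || *p > 0x7e)
            return 1;
    }
    return 0;
}

/* Model of the untrusted-string logger: hex-encode when the scan fires,
 * otherwise copy all len bytes between quotes. Returns bytes written. */
static size_t log_untrusted(char *out, size_t cap, const char *s, size_t len,
                            int stop_at_nul)
{
    size_t n = 0, i;
    if (contains_control(s, len, stop_at_nul)) {
        for (i = 0; i < len && n + 3 <= cap; i++)
            n += (size_t)snprintf(out + n, cap - n, "%02X", (unsigned char)s[i]);
        return n;
    }
    if (len + 2 > cap)
        return 0;
    out[n++] = '"';
    memcpy(out + n, s, len);    /* full length: copies past an embedded NUL */
    n += len;
    out[n++] = '"';
    return n;
}

int main(void)
{
    static const char msg[] = "ab\0cd";  /* constructed input, 5 payload bytes */
    char rec[64];
    size_t n = log_untrusted(rec, sizeof rec, msg, 5, 1);
    printf("pre-fix: %zu bytes, NUL in record: %d\n", n, memchr(rec, 0, n) != NULL);
    n = log_untrusted(rec, sizeof rec, msg, 5, 0);
    printf("fixed:   %.*s\n", (int)n, rec);
}
```

With the pre-fix scan the quoted record carries a raw NUL followed by the bytes behind it; with the fixed scan the whole octet stream is hex-encoded.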
  2. 04 Apr, 2009 31 commits