1. 02 2月, 2008 1 次提交
  2. 23 10月, 2007 1 次提交
  3. 21 10月, 2007 2 次提交
    • A
      [PATCH] audit: watching subtrees · 74c3cbe3
      Al Viro 提交于
      New kind of audit rule predicates: "object is visible in given subtree".
      The part that can be sanely implemented, that is.  Limitations:
      	* if you have hardlink from outside of tree, you'd better watch
      it too (or just watch the object itself, obviously)
      	* if you mount something under a watched tree, tell audit
      that new chunk should be added to watched subtrees
      	* if you umount something in a watched tree and it's still mounted
      elsewhere, you will get matches on events happening there.  New command
      tells audit to recalculate the trees, trimming such sources of false
      positives.
      
      Note that it's _not_ about path - if something mounted in several places
      (multiple mount, bindings, different namespaces, etc.), the match does
      _not_ depend on which one we are using for access.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      74c3cbe3
    • A
      [PATCH] pass dentry to audit_inode()/audit_inode_child() · 5a190ae6
      Al Viro 提交于
      makes caller simpler *and* allows to scan ancestors
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      5a190ae6
  4. 19 10月, 2007 1 次提交
  5. 17 10月, 2007 1 次提交
  6. 10 10月, 2007 1 次提交
  7. 23 8月, 2007 1 次提交
  8. 08 8月, 2007 1 次提交
  9. 29 7月, 2007 1 次提交
  10. 22 7月, 2007 2 次提交
    • A
      [PATCH] get rid of AVC_PATH postponed treatment · 4259fa01
      Al Viro 提交于
              Selinux folks had been complaining about the lack of AVC_PATH
      records when audit is disabled.  I must admit my stupidity - I assumed
      that avc_audit() really couldn't use audit_log_d_path() because of
      deadlocks (== could be called with dcache_lock or vfsmount_lock held).
      Shouldn't have made that assumption - it never gets called that way.
      It _is_ called under spinlocks, but not those.
      
              Since audit_log_d_path() uses ab->gfp_mask for allocations,
      kmalloc() in there is not a problem.  IOW, the simple fix is sufficient:
      let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main
      record.  It's trivial to do.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Acked-by: NJames Morris <jmorris@namei.org>
      4259fa01
    • S
      [PATCH] Make IPC mode consistent · 5b9a4262
      Steve Grubb 提交于
      The mode fields for IPC records are not consistent. Some are hex, others are
      octal. This patch makes them all octal.
      Signed-off-by: NSteve Grubb <sgrubb@redhat.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      5b9a4262
  11. 20 7月, 2007 2 次提交
  12. 17 7月, 2007 2 次提交
    • H
      kerneldoc fix in audit_core_dumps · 6d9525b5
      Henrik Kretzschmar 提交于
      Fix parameter name in audit_core_dumps for kerneldoc.
      Signed-off-by: NHenrik Kretzschmar <henne@nachtwindheim.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6d9525b5
    • M
      Audit: add TTY input auditing · 522ed776
      Miloslav Trmac 提交于
      Add TTY input auditing, used to audit system administrator's actions.  This is
      required by various security standards such as DCID 6/3 and PCI to provide
      non-repudiation of administrator's actions and to allow a review of past
      actions if the administrator seems to overstep their duties or if the system
      becomes misconfigured for unknown reasons.  These requirements do not make it
      necessary to audit TTY output as well.
      
      Compared to an user-space keylogger, this approach records TTY input using the
      audit subsystem, correlated with other audit events, and it is completely
      transparent to the user-space application (e.g.  the console ioctls still
      work).
      
      TTY input auditing works on a higher level than auditing all system calls
      within the session, which would produce an overwhelming amount of mostly
      useless audit events.
      
      Add an "audit_tty" attribute, inherited across fork ().  Data read from TTYs
      by process with the attribute is sent to the audit subsystem by the kernel.
      The audit netlink interface is extended to allow modifying the audit_tty
      attribute, and to allow sending explanatory audit events from user-space (for
      example, a shell might send an event containing the final command, after the
      interactive command-line editing and history expansion is performed, which
      might be difficult to decipher from the TTY input alone).
      
      Because the "audit_tty" attribute is inherited across fork (), it would be set
      e.g.  for sshd restarted within an audited session.  To prevent this, the
      audit_tty attribute is cleared when a process with no open TTY file
      descriptors (e.g.  after daemon startup) opens a TTY.
      
      See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a
      more detailed rationale document for an older version of this patch.
      
      [akpm@linux-foundation.org: build fix]
      Signed-off-by: NMiloslav Trmac <mitr@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: Paul Fulghum <paulkf@microgate.com>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Cc: Steve Grubb <sgrubb@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      522ed776
  13. 11 5月, 2007 6 次提交
  14. 15 3月, 2007 1 次提交
  15. 18 2月, 2007 1 次提交
    • A
      [PATCH] AUDIT_FD_PAIR · db349509
      Al Viro 提交于
      Provide an audit record of the descriptor pair returned by pipe() and
      socketpair().  Rewritten from the original posted to linux-audit by
      John D. Ramsdell <ramsdell@mitre.org>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      db349509
  16. 09 12月, 2006 2 次提交
    • J
      [PATCH] struct path: convert kernel · a7a005fd
      Josef Sipek 提交于
      Signed-off-by: NJosef Sipek <jsipek@fsl.cs.sunysb.edu>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      a7a005fd
    • P
      [PATCH] tty: ->signal->tty locking · 24ec839c
      Peter Zijlstra 提交于
      Fix the locking of signal->tty.
      
      Use ->sighand->siglock to protect ->signal->tty; this lock is already used
      by most other members of ->signal/->sighand.  And unless we are 'current'
      or the tasklist_lock is held we need ->siglock to access ->signal anyway.
      
      (NOTE: sys_unshare() is broken wrt ->sighand locking rules)
      
      Note that tty_mutex is held over tty destruction, so while holding
      tty_mutex any tty pointer remains valid.  Otherwise the lifetime of ttys
      are governed by their open file handles.  This leaves some holes for tty
      access from signal->tty (or any other non file related tty access).
      
      It solves the tty SLAB scribbles we were seeing.
      
      (NOTE: the change from group_send_sig_info to __group_send_sig_info needs to
             be examined by someone familiar with the security framework, I think
             it is safe given the SEND_SIG_PRIV from other __group_send_sig_info
             invocations)
      
      [schwidefsky@de.ibm.com: 3270 fix]
      [akpm@osdl.org: various post-viro fixes]
      Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
      Acked-by: NAlan Cox <alan@redhat.com>
      Cc: Oleg Nesterov <oleg@tv-sign.ru>
      Cc: Prarit Bhargava <prarit@redhat.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Roland McGrath <roland@redhat.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Jeff Dike <jdike@addtoit.com>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Jan Kara <jack@ucw.cz>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      24ec839c
  17. 07 12月, 2006 1 次提交
  18. 04 12月, 2006 1 次提交
  19. 04 10月, 2006 2 次提交
  20. 30 9月, 2006 1 次提交
  21. 26 9月, 2006 2 次提交
  22. 12 9月, 2006 1 次提交
  23. 03 8月, 2006 6 次提交