1. 06 Apr, 2009 6 commits
    • audit: Fix possible return value truncation in audit_get_context() · 6d208da8
      Paul Moore committed
      The audit subsystem treats syscall return codes as type long, unfortunately
      the audit_get_context() function mistakenly converts the return code to an
      int type in the parameters which could cause problems on systems where the
      sizeof(int) != sizeof(long).
      Signed-off-by: Paul Moore <paul.moore@hp.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • audit: ignore terminating NUL in AUDIT_USER_TTY messages · 55ad2f8d
      Miloslav Trmac committed
      AUDIT_USER_TTY, like all other messages sent from user-space, is sent
      NUL-terminated.  Unlike other user-space audit messages, which come only
      from trusted sources, AUDIT_USER_TTY messages are processed using
      audit_log_n_untrustedstring().
      
      This patch modifies AUDIT_USER_TTY handling to ignore the trailing NUL
      and use the "quoted_string" representation of the message if possible.
      Signed-off-by: Miloslav Trmac <mitr@redhat.com>
      Cc: Eric Paris <eparis@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Steve Grubb <sgrubb@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • Audit: fix handling of 'strings' with NULL characters · b3897f56
      Miloslav Trmac committed
      Currently audit_log_n_untrustedstring() uses audit_string_contains_control()
      to check if the 'string' has any control characters.  If the 'string' has an
      embedded NULL audit_string_contains_control() will return that the data has
      no control characters and will then pass the string to audit_log_n_string
      with the total length, not the length up to the first NULL.
      audit_log_n_string() does a memcpy of the entire length and so the actual
      audit record emitted may then contain a NULL and then whatever random memory
      is after the NULL.
      
      Since we want to log the entire octet stream (if we can't trust the data
      to be a string we can't trust that a NULL isn't actually a part of it)
      we should just consider NULL as a control character.  If the caller is
      certain they want to stop at the first NULL they should be using
      audit_log_untrustedstring.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • make the e->rule.xxx shorter in kernel auditfilter.c · c28bb7da
      Zhenwen Xu committed
      make the e->rule.xxx shorter in kernel/auditfilter.c
      --
      ---------------------------------
      Zhenwen Xu - Open and Free
      Home Page:	http://zhwen.org
      My Studio:	http://dim4.cn
      
      >From 99692dc640b278f1cb1a15646ce42f22e89c0f77 Mon Sep 17 00:00:00 2001
      From: Zhenwen Xu <Helight.Xu@gmail.com>
      Date: Thu, 12 Mar 2009 22:04:59 +0800
      Subject: [PATCH] make the e->rule.xxx shorter in kernel/auditfilter.c
      Signed-off-by: Zhenwen Xu <Helight.Xu@gmail.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • auditsc: fix kernel-doc notation · 6b962559
      Randy Dunlap committed
      Fix auditsc kernel-doc notation:
      
      Warning(linux-2.6.28-git7//kernel/auditsc.c:2156): No description found for parameter 'attr'
      Warning(linux-2.6.28-git7//kernel/auditsc.c:2156): Excess function parameter 'u_attr' description in '__audit_mq_open'
      Warning(linux-2.6.28-git7//kernel/auditsc.c:2204): No description found for parameter 'notification'
      Warning(linux-2.6.28-git7//kernel/auditsc.c:2204): Excess function parameter 'u_notification' description in '__audit_mq_notify'
      Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
      cc:	Al Viro <viro@zeniv.linux.org.uk>
      cc:	Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • audit: EXECVE record - removed bogus newline · ca96a895
      Jiri Pirko committed
      (updated)
      Added hunk that changes the comment, the rest is the same.
      
      EXECVE records contain a newline after every argument. auditd converts
      "\n" to " " so you cannot see newlines even in raw logs, but they're
      there nevertheless. If you're not using auditd, you need to work round
      them. These '\n' chars can be easily replaced by spaces when
      creating record in kernel. Note there is no need for trailing '\n' in
      an audit record.
      
      record before this patch:
      "type=EXECVE msg=audit(1231421801.566:31): argc=4 a0=\"./test\"\na1=\"a\"\na2=\"b\"\na3=\"c\"\n"
      
      record after this patch:
      "type=EXECVE msg=audit(1231421801.566:31): argc=4 a0=\"./test\" a1=\"a\" a2=\"b\" a3=\"c\""
      Signed-off-by: Jiri Pirko <jpirko@redhat.com>
      Acked-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
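
The NUL handling described in commits b3897f56 and 55ad2f8d above, as an added userspace example (not the kernel's code and not part of the original commits). The names `is_unsafe`, `contains_control`, `format_untrusted` and `strip_trailing_nul`, and the 0x21..0x7e safe-byte range, are assumptions of this model; the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model; the "safe" byte range 0x21..0x7e minus '"' is an assumption. */
static int is_unsafe(unsigned char c) { return c == '"' || c < 0x21 || c > 0x7e; }

/* fixed=0: scan stops at the first NUL (behaviour the commit message describes).
 * fixed=1: all len bytes are scanned, so NUL (< 0x21) counts as a control byte. */
static int contains_control(const unsigned char *s, size_t len, int fixed)
{
    for (size_t i = 0; i < len && (fixed || s[i]); i++)
        if (is_unsafe(s[i]))
            return 1;
    return 0;
}

/* Emit the "quoted" form if the scan finds nothing, otherwise upper-case hex.
 * Returns bytes written (excluding the final NUL), or -1 if out is too small. */
static int format_untrusted(char *out, size_t outsz,
                            const unsigned char *s, size_t len, int fixed)
{
    if (outsz < 2 * len + 3)
        return -1;
    if (!contains_control(s, len, fixed)) {
        out[0] = '"';
        memcpy(out + 1, s, len);      /* copies all len bytes, NULs included */
        out[len + 1] = '"';
        out[len + 2] = '\0';
        return (int)len + 2;
    }
    for (size_t i = 0; i < len; i++)
        snprintf(out + 2 * i, 3, "%02X", s[i]);
    return (int)(2 * len);
}

/* AUDIT_USER_TTY case: drop one trailing NUL before formatting. */
static size_t strip_trailing_nul(const unsigned char *s, size_t len)
{
    return (len && s[len - 1] == '\0') ? len - 1 : len;
}

int main(void)
{
    static const unsigned char tty[] = "whoami";  /* constructed; sizeof counts the NUL */
    char out[64];
    format_untrusted(out, sizeof out, tty, sizeof tty, 1);
    printf("with NUL:    %s\n", out);
    format_untrusted(out, sizeof out, tty, strip_trailing_nul(tty, sizeof tty), 1);
    printf("without NUL: %s\n", out);
    return 0;
}
```

With `fixed=0`, the five bytes `a b NUL X Y` come back in quoted form with the raw NUL and the bytes after it still inside the record; with `fixed=1` the same input is emitted as hex.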
  2. 04 Apr, 2009 34 commits