summaryrefslogtreecommitdiffstats
path: root/kernel/audit.h
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2016-07-19 17:42:57 -0400
committerPaul Moore <paul@paul-moore.com>2016-07-20 14:15:46 -0400
commit43761473c254b45883a64441dd0bc85a42f3645c (patch)
tree926f49bd83f6906e49b29532b1a3d8d00b2215fa /kernel/audit.h
parent0b7a0fdb29715e38641beb39db4d01695b22b5aa (diff)
downloadlinux-43761473c254b45883a64441dd0bc85a42f3645c.tar.gz
linux-43761473c254b45883a64441dd0bc85a42f3645c.tar.bz2
linux-43761473c254b45883a64441dd0bc85a42f3645c.zip
audit: fix a double fetch in audit_log_single_execve_arg()
There is a double fetch problem in audit_log_single_execve_arg() where we first check the execve(2) argumnets for any "bad" characters which would require hex encoding and then re-fetch the arguments for logging in the audit record[1]. Of course this leaves a window of opportunity for an unsavory application to munge with the data. This patch reworks things by only fetching the argument data once[2] into a buffer where it is scanned and logged into the audit records(s). In addition to fixing the double fetch, this patch improves on the original code in a few other ways: better handling of large arguments which require encoding, stricter record length checking, and some performance improvements (completely unverified, but we got rid of some strlen() calls, that's got to be a good thing). As part of the development of this patch, I've also created a basic regression test for the audit-testsuite, the test can be tracked on GitHub at the following link: * https://github.com/linux-audit/audit-testsuite/issues/25 [1] If you pay careful attention, there is actually a triple fetch problem due to a strnlen_user() call at the top of the function. [2] This is a tiny white lie, we do make a call to strnlen_user() prior to fetching the argument data. I don't like it, but due to the way the audit record is structured we really have no choice unless we copy the entire argument at once (which would require a rather wasteful allocation). The good news is that with this patch the kernel no longer relies on this strnlen_user() value for anything beyond recording it in the log, we also update it with a trustworthy value whenever possible. Reported-by: Pengfei Wang <wpengfeinudt@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.h')
0 files changed, 0 insertions, 0 deletions