summaryrefslogtreecommitdiffstats
path: root/kernel/auditfilter.c
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2014-12-19 18:35:53 -0500
committerPaul Moore <pmoore@redhat.com>2014-12-19 18:35:53 -0500
commit3640dcfa4fd00cd91d88bb86250bdb496f7070c0 (patch)
treede75adc9ca42230ba0f8aeb4255c3f120acb51d8 /kernel/auditfilter.c
parent0f7e94ee40d06f7a04e039392dfee8244bd8a7e0 (diff)
downloadlinux-3640dcfa4fd00cd91d88bb86250bdb496f7070c0.tar.gz
linux-3640dcfa4fd00cd91d88bb86250bdb496f7070c0.tar.bz2
linux-3640dcfa4fd00cd91d88bb86250bdb496f7070c0.zip
audit: don't attempt to lookup PIDs when changing PID filtering audit rules
Commit f1dc4867 ("audit: anchor all pid references in the initial pid namespace") introduced a find_vpid() call when adding/removing audit rules with PID/PPID filters; unfortunately this is problematic as find_vpid() only works if there is a task with the associated PID alive on the system. The following commands demonstrate a simple reproducer. # auditctl -D # auditctl -l # autrace /bin/true # auditctl -l This patch resolves the problem by simply using the PID provided by the user without any additional validation, e.g. no calls to check to see if the task/PID exists. Cc: stable@vger.kernel.org # 3.15 Cc: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Diffstat (limited to 'kernel/auditfilter.c')
-rw-r--r--kernel/auditfilter.c13
1 files changed, 0 insertions, 13 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d214cd073a58..c0d148bd7a5c 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -444,19 +444,6 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
f->val = 0;
}
- if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) {
- struct pid *pid;
- rcu_read_lock();
- pid = find_vpid(f->val);
- if (!pid) {
- rcu_read_unlock();
- err = -ESRCH;
- goto exit_free;
- }
- f->val = pid_nr(pid);
- rcu_read_unlock();
- }
-
err = audit_field_valid(entry, f);
if (err)
goto exit_free;