diff options
author | Paul Moore <pmoore@redhat.com> | 2014-12-19 18:35:53 -0500 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2014-12-19 18:35:53 -0500 |
commit | 3640dcfa4fd00cd91d88bb86250bdb496f7070c0 (patch) | |
tree | de75adc9ca42230ba0f8aeb4255c3f120acb51d8 /kernel/auditfilter.c | |
parent | 0f7e94ee40d06f7a04e039392dfee8244bd8a7e0 (diff) | |
download | linux-3640dcfa4fd00cd91d88bb86250bdb496f7070c0.tar.gz linux-3640dcfa4fd00cd91d88bb86250bdb496f7070c0.tar.bz2 linux-3640dcfa4fd00cd91d88bb86250bdb496f7070c0.zip |
audit: don't attempt to lookup PIDs when changing PID filtering audit rules
Commit f1dc4867 ("audit: anchor all pid references in the initial pid
namespace") introduced a find_vpid() call when adding/removing audit
rules with PID/PPID filters; unfortunately this is problematic as
find_vpid() only works if there is a task with the associated PID
alive on the system. The following commands demonstrate a simple
reproducer.
# auditctl -D
# auditctl -l
# autrace /bin/true
# auditctl -l
This patch resolves the problem by simply using the PID provided by
the user without any additional validation, e.g. no calls to check to
see if the task/PID exists.
Cc: stable@vger.kernel.org # 3.15
Cc: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Diffstat (limited to 'kernel/auditfilter.c')
-rw-r--r-- | kernel/auditfilter.c | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index d214cd073a58..c0d148bd7a5c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -444,19 +444,6 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, f->val = 0; } - if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) { - struct pid *pid; - rcu_read_lock(); - pid = find_vpid(f->val); - if (!pid) { - rcu_read_unlock(); - err = -ESRCH; - goto exit_free; - } - f->val = pid_nr(pid); - rcu_read_unlock(); - } - err = audit_field_valid(entry, f); if (err) goto exit_free; |