2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-17 09:43:59 +08:00
linux-next/security
Richard Guy Briggs 5deeb5cece lsm: copy comm before calling audit_log to avoid race in string printing
When task->comm is passed directly to audit_log_untrustedstring() without
getting a copy or using the task_lock, there is a race that could happen that
would output a NULL (\0) in the middle of the output string that would
effectively truncate the rest of the report text after the comm= field in the
audit log message, losing fields.

Using get_task_comm() to get a copy while acquiring the task_lock to prevent
this and to prevent the result from being a mixture of old and new values of
comm would incur potentially unacceptable overhead, considering that the value
can be influenced by userspace and therefore untrusted anyways.

Copy the value before passing it to audit_log_untrustedstring() ensures that a
local copy is used to calculate the length *and* subsequently printed.  Even if
this value contains a mix of old and new values, it will only calculate and
copy up to the first NULL, preventing the rest of the audit log message being
truncated.

Use a second local copy of comm to avoid a race between the first and second
calls to audit_log_untrustedstring() with comm.

Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2015-04-15 10:13:20 +10:00
..
apparmor Apparmor: Use d_is_positive/negative() rather than testing dentry->d_inode 2015-02-22 11:38:39 -05:00
integrity Merge branch 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2015-02-19 10:36:45 -08:00
keys Don't leak a key reference if request_key() tries to use a revoked keyring 2015-02-16 13:45:16 +11:00
selinux selinux: increase avtab max buckets 2015-04-06 20:16:23 -04:00
smack smack: Fix gcc warning from unused smack_syslog_lock mutex in smackfs.c 2015-03-23 13:24:02 -07:00
tomoyo tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
yama security/yama: Remove unnecessary selects from Kconfig. 2015-02-27 16:53:10 -08:00
capability.c Add security hooks to binder and implement the hooks for SELinux. 2015-01-25 09:17:57 -08:00
commoncap.c file->f_path.dentry is pinned down for as long as the file is open... 2015-01-25 23:16:27 -05:00
device_cgroup.c cgroup: rename cgroup_subsys->base_cftypes to ->legacy_cftypes 2014-07-15 11:05:09 -04:00
inode.c VFS: (Scripted) Convert S_ISLNK/DIR/REG(dentry->d_inode) to d_is_*(dentry) 2015-02-22 11:38:41 -05:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
lsm_audit.c lsm: copy comm before calling audit_log to avoid race in string printing 2015-04-15 10:13:20 +10:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c Char / Misc patches for 3.20-rc1 2015-02-15 10:48:44 -08:00