
IMA: use audit_log_untrusted_string rather than %s

Convert all of the places IMA calls audit_log_format with %s into
audit_log_untrusted_string(). This is going to cause them all to get
quoted, but it should make audit log injection harder.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

authored by

Eric Paris and committed by
James Morris
2f1506cd 7233e3ee

+20 -13
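--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -255,6 +255,13 @@
 return result;
 }
 
+static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
+{
+audit_log_format(ab, "%s=", key);
+audit_log_untrustedstring(ab, value);
+audit_log_format(ab, " ");
+}
+
 static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
 {
 struct audit_buffer *ab;
@@
 token = match_token(p, policy_tokens, args);
 switch (token) {
 case Opt_measure:
-audit_log_format(ab, "%s ", "measure");
+ima_log_string(ab, "action", "measure");
 
 if (entry->action != UNKNOWN)
 result = -EINVAL;
@@
 entry->action = MEASURE;
 break;
 case Opt_dont_measure:
-audit_log_format(ab, "%s ", "dont_measure");
+ima_log_string(ab, "action", "dont_measure");
 
 if (entry->action != UNKNOWN)
 result = -EINVAL;
@@
 entry->action = DONT_MEASURE;
 break;
 case Opt_func:
-audit_log_format(ab, "func=%s ", args[0].from);
+ima_log_string(ab, "func", args[0].from);
 
 if (entry->func)
 result = -EINVAL;
@@
 entry->flags |= IMA_FUNC;
 break;
 case Opt_mask:
-audit_log_format(ab, "mask=%s ", args[0].from);
+ima_log_string(ab, "mask", args[0].from);
 
 if (entry->mask)
 result = -EINVAL;
@@
 entry->flags |= IMA_MASK;
 break;
 case Opt_fsmagic:
-audit_log_format(ab, "fsmagic=%s ", args[0].from);
+ima_log_string(ab, "fsmagic", args[0].from);
 
 if (entry->fsmagic) {
 result = -EINVAL;
@@
 entry->flags |= IMA_FSMAGIC;
 break;
 case Opt_uid:
-audit_log_format(ab, "uid=%s ", args[0].from);
+ima_log_string(ab, "uid", args[0].from);
 
 if (entry->uid != -1) {
 result = -EINVAL;
@@
 }
 break;
 case Opt_obj_user:
-audit_log_format(ab, "obj_user=%s ", args[0].from);
+ima_log_string(ab, "obj_user", args[0].from);
 result = ima_lsm_rule_init(entry, args[0].from,
 LSM_OBJ_USER,
 AUDIT_OBJ_USER);
 break;
 case Opt_obj_role:
-audit_log_format(ab, "obj_role=%s ", args[0].from);
+ima_log_string(ab, "obj_role", args[0].from);
 result = ima_lsm_rule_init(entry, args[0].from,
 LSM_OBJ_ROLE,
 AUDIT_OBJ_ROLE);
 break;
 case Opt_obj_type:
-audit_log_format(ab, "obj_type=%s ", args[0].from);
+ima_log_string(ab, "obj_type", args[0].from);
 result = ima_lsm_rule_init(entry, args[0].from,
 LSM_OBJ_TYPE,
 AUDIT_OBJ_TYPE);
 break;
 case Opt_subj_user:
-audit_log_format(ab, "subj_user=%s ", args[0].from);
+ima_log_string(ab, "subj_user", args[0].from);
 result = ima_lsm_rule_init(entry, args[0].from,
 LSM_SUBJ_USER,
 AUDIT_SUBJ_USER);
 break;
 case Opt_subj_role:
-audit_log_format(ab, "subj_role=%s ", args[0].from);
+ima_log_string(ab, "subj_role", args[0].from);
 result = ima_lsm_rule_init(entry, args[0].from,
 LSM_SUBJ_ROLE,
 AUDIT_SUBJ_ROLE);
 break;
 case Opt_subj_type:
-audit_log_format(ab, "subj_type=%s ", args[0].from);
+ima_log_string(ab, "subj_type", args[0].from);
 result = ima_lsm_rule_init(entry, args[0].from,
 LSM_SUBJ_TYPE,
 AUDIT_SUBJ_TYPE);
 break;
 case Opt_err:
+ima_log_string(ab, "UNKNOWN", p);
 result = -EINVAL;
-audit_log_format(ab, "UNKNOWN=%s ", p);
 break;
 }
 }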
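Review bot: In the new `ima_log_string()` helper only `value` is escaped; `key` is still written through `audit_log_format(ab, "%s=", key)`, so the injection protection holds only while every caller passes a constant field name, as all thirteen call sites in this section do. I would state that in a comment above the helper, e.g. `/* key must be a trusted literal field name; only value is escaped */`, and declare the parameters as `const char *key, const char *value`, since most calls pass string literals. Consumers of these records should also expect values to arrive quoted (or hex-encoded when they contain unsafe characters), including the fixed `action` values, which were previously logged bare as `measure ` / `dont_measure `. `ima_parse_rule()` begins and ends outside the visible hunks.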