Audit: clean up all op= output to include string quoting

In a number of places in the audit system we send an op= followed by a string
that includes spaces. Somehow this works, but it's just wrong. This patch
changes all of the ones I could find to be quoted.

Example:

Change From: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op=remove rule
key="number2" list=4 res=0

Change To: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op="remove rule"
key="number2" list=4 res=0

Signed-off-by: Eric Paris <eparis@redhat.com>

authored by Eric Paris and committed by Al Viro 9d960985 35fe4d0b

+24 -24
+3
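--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -599,6 +599,8 @@
 extern void audit_log_d_path(struct audit_buffer *ab,
 const char *prefix,
 struct path *path);
+extern void audit_log_key(struct audit_buffer *ab,
+char *key);
 extern void audit_log_lost(const char *message);
 extern int audit_update_lsm_rules(void);
 
@@ -621,6 +623,7 @@
 #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
 #define audit_log_d_path(b, p, d) do { ; } while (0)
+#define audit_log_key(b, k) do { ; } while (0)
 #define audit_enabled 0
 #endif
 #endif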
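Review bot: The new prototype `audit_log_key(struct audit_buffer *ab, char *key)` takes a non-const `char *key`, although the definition added in kernel/audit.c only tests the pointer and passes it on to audit_log_untrustedstring(). Declaring the parameter as `const char *key` here and in kernel/audit.c would state that the helper never modifies a rule's filter key and would let callers pass const strings without a cast. The `audit_log_key(b, k)` stub for the disabled configuration needs no change.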
+9
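--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1450,6 +1450,15 @@
 kfree(pathname);
 }
 
+void audit_log_key(struct audit_buffer *ab, char *key)
+{
+audit_log_format(ab, " key=");
+if (key)
+audit_log_untrustedstring(ab, key);
+else
+audit_log_format(ab, "(null)");
+}
+
 /**
 * audit_log_end - end one audit record
 * @ab: the audit_buffer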
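Review bot: audit_log_key() is added without a kernel-doc header, while audit_log_end() directly below it has one. A short header would record the output contract that log consumers depend on: the field is always introduced by ` key=` with a leading space, a non-NULL key is written through audit_log_untrustedstring(), and a missing key is written as the bare token `(null)`. Suggested opening lines are `audit_log_key - log the filter key of a rule`, `@ab: the audit_buffer` and `@key: filter key, may be NULL`.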
+4 -6
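--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -441,13 +441,11 @@
 if (rule->tree) {
 /* not a half-baked one */
 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
-audit_log_format(ab, "op=remove rule dir=");
+audit_log_format(ab, "op=");
+audit_log_string(ab, "remove rule");
+audit_log_format(ab, " dir=");
 audit_log_untrustedstring(ab, rule->tree->pathname);
-if (rule->filterkey) {
-audit_log_format(ab, " key=");
-audit_log_untrustedstring(ab, rule->filterkey);
-} else
-audit_log_format(ab, " key=(null)");
+audit_log_key(ab, rule->filterkey);
 audit_log_format(ab, " list=%d res=1", rule->listnr);
 audit_log_end(ab);
 rule->tree = NULL;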
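Review bot: The three calls that now emit the op field only ever write a constant, so a single `audit_log_format(ab, "op=\"remove rule\" dir=");` would be shorter and should produce the same bytes, assuming audit_log_string() does nothing more than wrap its argument in double quotes. Keeping the helper is defensible for consistency with kernel/auditfilter.c, where the value is a variable, but then a brief comment saying so would help the next reader. The enclosing function starts and ends outside this hunk.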
+1 -5
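--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -234,11 +234,7 @@
 audit_log_string(ab, op);
 audit_log_format(ab, " path=");
 audit_log_untrustedstring(ab, w->path);
-if (r->filterkey) {
-audit_log_format(ab, " key=");
-audit_log_untrustedstring(ab, r->filterkey);
-} else
-audit_log_format(ab, " key=(null)");
+audit_log_key(ab, r->filterkey);
 audit_log_format(ab, " list=%d res=1", r->listnr);
 audit_log_end(ab);
 }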
+5 -7
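--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1079,11 +1079,9 @@
 security_release_secctx(ctx, len);
 }
 }
-audit_log_format(ab, " op=%s rule key=", action);
-if (rule->filterkey)
-audit_log_untrustedstring(ab, rule->filterkey);
-else
-audit_log_format(ab, "(null)");
+audit_log_format(ab, " op=");
+audit_log_string(ab, action);
+audit_log_key(ab, rule->filterkey);
 audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
 audit_log_end(ab);
 }
@@ -1147,7 +1145,7 @@
 return PTR_ERR(entry);
 
 err = audit_add_rule(entry);
-audit_log_rule_change(loginuid, sessionid, sid, "add",
+audit_log_rule_change(loginuid, sessionid, sid, "add rule",
 &entry->rule, !err);
 
 if (err)
@@ -1163,7 +1161,7 @@
 return PTR_ERR(entry);
 
 err = audit_del_rule(entry);
-audit_log_rule_change(loginuid, sessionid, sid, "remove",
+audit_log_rule_change(loginuid, sessionid, sid, "remove rule",
 &entry->rule, !err);
 
 audit_free_rule(entry);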
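Review bot: In the first hunk `action` is now written with audit_log_string(), which as far as I know wraps the text in double quotes without escaping it, so the CONFIG_CHANGE record stays parseable only while every caller passes a fixed literal. The two callers visible in the later hunks pass `"add rule"` and `"remove rule"`, but the signature of audit_log_rule_change() and any other callers are outside the hunks shown. A comment above the call such as `/* action must be a constant string without quotes or control characters */` would keep a later caller from routing user-influenced text into op=.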
+2 -6
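--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1137,7 +1137,7 @@
 if (has_cntl)
 audit_log_n_hex(*ab, buf, to_send);
 else
-audit_log_format(*ab, "\"%s\"", buf);
+audit_log_string(*ab, buf);
 
 p += to_send;
 len_left -= to_send;
@@ -1372,11 +1372,7 @@
 
 
 audit_log_task_info(ab, tsk);
-if (context->filterkey) {
-audit_log_format(ab, " key=");
-audit_log_untrustedstring(ab, context->filterkey);
-} else
-audit_log_format(ab, " key=(null)");
+audit_log_key(ab, context->filterkey);
 audit_log_end(ab);
 
 for (aux = context->aux; aux; aux = aux->next) {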
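Review bot: In the first hunk the `else` branch writes `buf` between double quotes with no escaping, so the record is well formed only if the `has_cntl` test, which is computed outside the hunk, also sends a buffer containing `"` down the hex path. The `"\"%s\""` format being replaced had the same dependency, so behaviour does not change, but nothing in the visible lines states the assumption. A one-line comment at the `else`, for example `/* has_cntl is false: buf must hold no quotes or control characters */`, would make it checkable against the code that sets `has_cntl`.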