Audit: clean up all op= output to include string quoting

In a number of places the audit system sends an op= followed by a string
that includes spaces. Somehow this works but it's just wrong. This patch
changes all of those that I could find to be quoted.

Example:

Change From: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op=remove rule
key="number2" list=4 res=0

Change To: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op="remove rule"
key="number2" list=4 res=0

Signed-off-by: Eric Paris <eparis@redhat.com>

authored by Eric Paris and committed by Al Viro 9d960985 35fe4d0b

+24 -24
+3
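--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -599,6 +599,8 @@
 extern void audit_log_d_path(struct audit_buffer *ab,
 const char *prefix,
 struct path *path);
+extern void audit_log_key(struct audit_buffer *ab,
+char *key);
 extern void audit_log_lost(const char *message);
 extern int audit_update_lsm_rules(void);
 
@@
 #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
 #define audit_log_d_path(b, p, d) do { ; } while (0)
+#define audit_log_key(b, k) do { ; } while (0)
 #define audit_enabled 0
 #endif
 #endif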
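Review bot: The new prototype `audit_log_key(struct audit_buffer *ab, char *key)` takes a mutable pointer, although the definition added in kernel/audit.c only reads `key`. Declaring it as `extern void audit_log_key(struct audit_buffer *ab, const char *key);`, with the same change in the definition, would make the read-only contract explicit and let callers pass constant keys without a cast. This assumes audit_log_untrustedstring() accepts a const pointer, which the page does not show.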
+9
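--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1450,6 +1450,15 @@
 kfree(pathname);
 }
 
+void audit_log_key(struct audit_buffer *ab, char *key)
+{
+audit_log_format(ab, " key=");
+if (key)
+audit_log_untrustedstring(ab, key);
+else
+audit_log_format(ab, "(null)");
+}
+
 /**
 * audit_log_end - end one audit record
 * @ab: the audit_buffer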
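Review bot: audit_log_key() is added without a kernel-doc header, while audit_log_end() directly below it has one. It is declared in include/linux/audit.h and every `key=` emitter in this commit now goes through it, so its output contract deserves a comment. The comment should say that it always appends ` key=`, that a non-NULL key is passed to audit_log_untrustedstring() (presumably quoted or hex-encoded there; not shown on this page), and that a NULL key is written as the bare token `(null)` without quotes. A one-line form would be `/* audit_log_key - append " key=<key>" to the record; a NULL key is logged as unquoted (null) */`.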
+4 -6
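--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -441,13 +441,11 @@
 if (rule->tree) {
 /* not a half-baked one */
 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
-audit_log_format(ab, "op=remove rule dir=");
+audit_log_format(ab, "op=");
+audit_log_string(ab, "remove rule");
+audit_log_format(ab, " dir=");
 audit_log_untrustedstring(ab, rule->tree->pathname);
-if (rule->filterkey) {
-audit_log_format(ab, " key=");
-audit_log_untrustedstring(ab, rule->filterkey);
-} else
-audit_log_format(ab, " key=(null)");
+audit_log_key(ab, rule->filterkey);
 audit_log_format(ab, " list=%d res=1", rule->listnr);
 audit_log_end(ab);
 rule->tree = NULL;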
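Review bot: The literal `"remove rule"` written here is a second copy of the string that kernel/auditfilter.c now passes to audit_log_rule_change(), and nothing ties the two together. Both appear to end up in CONFIG_CHANGE records that log consumers will match as `op="remove rule"`, so a silent divergence would break parsers and detection rules. A shared constant, or at least a comment such as `/* keep in sync with the op strings passed in auditfilter.c */`, would guard against that. The enclosing function starts and ends outside this section.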
+1 -5
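--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -234,11 +234,7 @@
 audit_log_string(ab, op);
 audit_log_format(ab, " path=");
 audit_log_untrustedstring(ab, w->path);
-if (r->filterkey) {
-audit_log_format(ab, " key=");
-audit_log_untrustedstring(ab, r->filterkey);
-} else
-audit_log_format(ab, " key=(null)");
+audit_log_key(ab, r->filterkey);
 audit_log_format(ab, " list=%d res=1", r->listnr);
 audit_log_end(ab);
 }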
+5 -7
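--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1079,11 +1079,9 @@
 security_release_secctx(ctx, len);
 }
 }
-audit_log_format(ab, " op=%s rule key=", action);
-if (rule->filterkey)
-audit_log_untrustedstring(ab, rule->filterkey);
-else
-audit_log_format(ab, "(null)");
+audit_log_format(ab, " op=");
+audit_log_string(ab, action);
+audit_log_key(ab, rule->filterkey);
 audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
 audit_log_end(ab);
 }
@@
 return PTR_ERR(entry);
 
 err = audit_add_rule(entry);
-audit_log_rule_change(loginuid, sessionid, sid, "add",
+audit_log_rule_change(loginuid, sessionid, sid, "add rule",
 &entry->rule, !err);
 
 if (err)
@@
 return PTR_ERR(entry);
 
 err = audit_del_rule(entry);
-audit_log_rule_change(loginuid, sessionid, sid, "remove",
+audit_log_rule_change(loginuid, sessionid, sid, "remove rule",
 &entry->rule, !err);
 
 audit_free_rule(entry);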
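Review bot: `audit_log_string(ab, action)` in the first hunk places `action` between quotes, and as far as this page shows nothing escapes it. The record therefore stays well-formed only while every caller passes a fixed literal free of `"` and control characters. The two callers in this section pass `"add rule"` and `"remove rule"`, which satisfy that, but the requirement is implicit. A comment above the call, such as `/* action must be a trusted constant: audit_log_string() does not escape */`, would keep a later caller from passing rule-derived text; audit_log_string()'s body is not visible here, so confirm that it does no escaping. audit_log_rule_change() starts outside the hunk.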
+2 -6
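--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1137,7 +1137,7 @@
 if (has_cntl)
 audit_log_n_hex(*ab, buf, to_send);
 else
-audit_log_format(*ab, "\"%s\"", buf);
+audit_log_string(*ab, buf);
 
 p += to_send;
 len_left -= to_send;
@@ -1372,11 +1372,7 @@
 
 
 audit_log_task_info(ab, tsk);
-if (context->filterkey) {
-audit_log_format(ab, " key=");
-audit_log_untrustedstring(ab, context->filterkey);
-} else
-audit_log_format(ab, " key=(null)");
+audit_log_key(ab, context->filterkey);
 audit_log_end(ab);
 
 for (aux = context->aux; aux; aux = aux->next) {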
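Review bot: The `audit_log_string(*ab, buf)` call in the first hunk produces a well-formed quoted field only if two invariants hold, and neither is visible in the hunk. `buf` must be NUL-terminated at `to_send` bytes, and the `has_cntl` test must reject every byte that could break the quoting, including `"` itself. The hex fallback suggests `buf` holds externally supplied data, so a regression in either invariant would let that data forge or split fields in the audit record. A comment on the else branch, e.g. `/* buf is NUL-terminated; has_cntl == 0 means no quote or control bytes */`, would record this for later editors. The enclosing function begins and ends outside the hunk.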