* Steve Grubb (sgrubb(a)redhat.com) wrote:
> On Monday 14 March 2005 18:14, Timothy R. Chavez wrote:
> > This patch has enough changes in it to be called patch #6
>
> I just noticed this in audit.h:
>
> struct audit_watch {
>         int     namelen;
>         int     fklen;
>
> Shouldn't these be pinned down to a byte size? Like __u32 or __u16? It seems
> safer to me when you consider userspace to kernel packets and whether the
> kernel is 64 bit and userspace 32 bit.

IIUC, they'd be 32 bit in either case, but can't hurt to be specific.

> But more interesting...what if a -1 was sent for fklen?
+ if (req->fklen) {
+ ret = -ENOMEM;
+ filterkey = kmalloc(req->fklen, GFP_KERNEL);
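Review bot: The only check on `req->fklen` before `kmalloc(req->fklen, GFP_KERNEL)` is that it is non-zero, and `fklen` is declared `int` in `struct audit_watch`, so a negative value supplied by userspace is passed straight through as the allocation size. Add an explicit range check ahead of the allocation that returns an error for negative or oversized values, and consider making the length fields unsigned and fixed-width so the same bound applies regardless of the caller's word size.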
> Kaboom...

Luckily, your kmalloc(-1) example would fail (there's no slab that
big), but if there's no value in having the lens be signed, then make
'em unsigned. And, of course, assume all userspace data is unsafe and
do sanity checking.
thanks,
-chris
--
Linux Security Modules
http://lsm.immunix.org http://lsm.bkbits.net
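
The advice in this thread (fixed-width unsigned lengths, sanity checks on everything that comes from userspace), as an added userspace C example that is not code from the patch or from the audit subsystem. `struct watch_req`, `watch_copy_filterkey`, the buffer layout and both limits are hypothetical, and `malloc` stands in for `kmalloc`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bounds, not taken from the patch. */
#define WATCH_NAME_MAX 4096u
#define WATCH_FKEY_MAX 128u

/* Fixed-width unsigned header: same size for 32- and 64-bit callers,
 * and a "-1" from the sender simply becomes a large value to reject. */
struct watch_req {
    uint32_t namelen;
    uint32_t fklen;
};

/*
 * Validate an untrusted buffer laid out as
 *   header | name[namelen] | filterkey[fklen]
 * and copy out the filter key as a NUL-terminated string.
 * Returns 0 on success (*out stays NULL when fklen == 0),
 * or a negative errno value.
 */
int watch_copy_filterkey(const void *buf, size_t buf_len, char **out)
{
    struct watch_req req;
    const unsigned char *p = buf;

    *out = NULL;
    if (buf_len < sizeof(req))
        return -EINVAL;
    memcpy(&req, p, sizeof(req));   /* no alignment assumptions on buf */

    /* Bound each length before it is used in arithmetic or allocation. */
    if (req.namelen > WATCH_NAME_MAX || req.fklen > WATCH_FKEY_MAX)
        return -EINVAL;
    /* Both values are small now, so the sum cannot wrap size_t. */
    if (buf_len - sizeof(req) != (size_t)req.namelen + req.fklen)
        return -EINVAL;
    if (req.fklen == 0)
        return 0;

    *out = malloc((size_t)req.fklen + 1);
    if (*out == NULL)
        return -ENOMEM;
    memcpy(*out, p + sizeof(req) + req.namelen, req.fklen);
    (*out)[req.fklen] = '\0';
    return 0;
}
```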