On Mon, 2007-03-05 at 09:50 -0500, Alexander Viro wrote:
 That one is on top of security_getprocattr() patch.  See
bz#228384...
  
<snip>
 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
 index 89875b2..c8465ea 100644
 --- a/kernel/auditsc.c
 +++ b/kernel/auditsc.c 
<snip>
 @@ -1874,6 +1887,13 @@ int audit_sockaddr(int len, void *a)
  	return 0;
  }
  
 +void __audit_ptrace(struct task_struct *t)
 +{
 +	struct audit_context *context = current->audit_context;
 +	context->target_pid = t->pid;
 +	security_getprocattr(t, "current", &context->obj_ctx);
 +} 
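Review bot: In `__audit_ptrace()`, `context` is taken from `current->audit_context` and dereferenced on the very next line (`context->target_pid = t->pid;`) with no NULL check. Either test it here or add a comment stating that every caller guarantees a non-NULL audit context. The return value of `security_getprocattr()` is also discarded, so a failed lookup leaves `target_pid` recorded while `obj_ctx` is not filled in. Checking the result and handling the error case explicitly would keep the record from silently missing the target's context.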
This will trigger a permission check in selinux_getprocattr, because
current != t.  So the audit system could be prevented from fetching the
context in this way based on the current task's permissions.   As with
the prior patch, I'd suggest using security_task_getsecid() and
security_secid_to_secctx() [or their selinux-specific equivalents,
selinux_get_task_sid and selinux_sid_to_string, already in use by audit]
instead for such internal access to security contexts.
-- 
Stephen Smalley
National Security Agency