Re: [PATCH 1/1] Added exe field to audit core dump signal log
On Wednesday, July 08, 2015 04:50:27 PM Paul Moore wrote:
On Wednesday, July 08, 2015 04:28:06 PM Steve Grubb wrote:
> Hello Paul Moore,
>
> Looks like this patch never got picked up. I think we should apply it.
Thanks for finding this; did you run into this problem?
I was going through old email trying to clear my backlog and saw this
one marked for follow up at some point.
Since this was posted back in 2013 it would be nice if someone could
do a
quick sanity test to show that 1) the problem still exists on current
kernels and
This is the function in question:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kern...
Actually, I missed the call to audit_log_d_path_exe() because I was looking
for exe= in the logging string ...so its already fixed.
Sorry for the noise. :-)
-Steve
2) the patch below fixes it. You get extra credit if you show
your work.
The reproducer should be trivial; I'm just dealing with some other issues
these next few days.
> On Thursday, November 14, 2013 08:56:57 AM Paul Davies C wrote:
> > Currently when the coredump signals are logged by the audit system , the
> > actual path to the executable is not logged. Without details of exe ,
> > the
> > system admin may not have an exact idea on what program failed.
> >
> > This patch changes the audit_log_task() so that the path to the exe is
> > also
> > logged.
> >
> > Signed-off-by: Paul Davies C <pauldaviesc(a)gmail.com>
> > ---
> >
> > kernel/auditsc.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> > index 9845cb3..988de72 100644
> > --- a/kernel/auditsc.c
> > +++ b/kernel/auditsc.c
> > @@ -2353,6 +2353,7 @@ static void audit_log_task(struct audit_buffer
> > *ab)
> >
> > kuid_t auid, uid;
> > kgid_t gid;
> > unsigned int sessionid;
> >
> > + struct mm_struct *mm = current->mm;
> >
> > auid = audit_get_loginuid(current);
> > sessionid = audit_get_sessionid(current);
> >
> > @@ -2366,6 +2367,12 @@ static void audit_log_task(struct audit_buffer
> > *ab)
> >
> > audit_log_task_context(ab);
> > audit_log_format(ab, " pid=%d comm=", current->pid);
> > audit_log_untrustedstring(ab, current->comm);
> >
> > + if (mm) {
> > + down_read(&mm->mmap_sem);
> > + if (mm->exe_file)
> > + audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
> > + up_read(&mm->mmap_sem);
> > + }
> >
> > }
> >
> > static void audit_log_abend(struct audit_buffer *ab, char *reason, long
> >
> > signr)