Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings
Andrew Morton píše v Čt 11. 09. 2008 v 12:14 -0700:
On Thu, 11 Sep 2008 00:23:38 +0200
Miloslav Trma__ <mitr(a)redhat.com> wrote:
> The audit record can thus contain a NUL byte (and some unchecked data
> after that). Because the user-space audit daemon treats audit records
> as NUL-terminated strings, an untrusted string that is shorter than the
> specified maximum length effectively terminates the audit record.
>
It's unclear how serious this problem is.
* AUDIT_USER_TTY
records (which are sent from user-space with a trailing
NUL byte) are missing a terminating '"' character.
* Some data is not recorded in AUDIT_TTY records, and the terminating
'"' character is missing in that case as well.
Do you believe that it is
sufficiently serious to warrant merging these fixes into 2.6.27?
2.6.26.x? 2.6.25.x?
This patch (1/2) only fixes creation of incorrectly formatted,
but
easy-to-understand audit records; it would be nice to have it in 2.6.27
(assuming the audit maintainer acks it - or a variant of it). The other
one (2/2), which makes sure all TTY audit data is recorded, should
probably be merged in the stable releases as well.
Mirek