12:32 p.m.
Hello,
Attached is a new patch that solves the issue of getting valid credentials
into the LOGIN message. The current code was assuming that the audit context
had already been copied. This is not always the case for LOGIN messages.
To solve the problem, the patch passes the task struct to the function that
emits the message where it can get valid credentials.
Signed-off-by: Steve Grubb <sgrubb(a)redhat.com>
12:54 p.m.
Hi,
I liked my original patch better it works. :)
Attached is a new one, that uses the task's uid & pid instead of the
context's. Grrr.
Signed-off-by: Steve Grubb <sgrubb(a)redhat.com>
12:55 p.m.
* Steve Grubb (sgrubb(a)redhat.com) wrote:
Attached is a new patch that solves the issue of getting valid
credentials
into the LOGIN message. The current code was assuming that the audit context
had already been copied. This is not always the case for LOGIN messages.
To solve the problem, the patch passes the task struct to the function that
emits the message where it can get valid credentials.
This doesn't look right (and it doesn't apply to a current tree).
Here's what I think should go upstream?
thanks,
-chris
diff -urB linux-2.6.9.orig/kernel/auditsc.c
linux-2.6.9/kernel/auditsc.c
--- linux-2.6.9.orig/kernel/auditsc.c 2005-04-25 13:09:43.920801480 -0400
+++ linux-2.6.9/kernel/auditsc.c 2005-04-25 13:18:02.023078424 -0400
@@ -1039,20 +1039,22 @@
extern int audit_set_type(struct audit_buffer *ab, int type);
-int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid)
+int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
{
Could just introduce a local here, eliminate some changes, keeps derefs
to a dull roar ;-)
- if (ctx) {
+ if (task->audit_context) {
struct audit_buffer *ab;
ab = audit_log_start(NULL);
if (ab) {
audit_log_format(ab, "login pid=%d uid=%u "
"old loginuid=%u new loginuid=%u",
- ctx->pid, ctx->uid, ctx->loginuid, loginuid);
+ task->audit_context->pid,
+ task->audit_context->uid,
This just propagated the bug ;-)
-
Pass task struct to audit_set_loginuid() to allow audit message to
accurately record pid and uid for cases when audit_context has yet to
be setup while setting loginuid. Originally from Steve Grubb.
Signed-off-by: Steve Grubb <sgrubb(a)redhat.com>
Signed-off-by: Chris Wright <chrisw(a)osdl.org>
---
fs/proc/base.c: 39fd336cfdb9ca68c354a22f432e74c63a9bf732
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -820,7 +820,7 @@ static ssize_t proc_loginuid_write(struc
goto out_free_page;
}
- length = audit_set_loginuid(task->audit_context, loginuid);
+ length = audit_set_loginuid(task, loginuid);
if (likely(length == 0))
length = count;
include/linux/audit.h: 3628f7cfb1789c16ff9e5f6d20e76e9b6d69672e
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -147,7 +147,7 @@ extern int audit_receive_filter(int typ
void *data);
extern void audit_get_stamp(struct audit_context *ctx,
struct timespec *t, int *serial);
-extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid);
+extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
extern uid_t audit_get_loginuid(struct audit_context *ctx);
extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
#else
kernel/auditsc.c: 6f1931381bc9eae1ff454c943036c5b077c4a8a6
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -996,8 +996,10 @@ void audit_get_stamp(struct audit_contex
extern int audit_set_type(struct audit_buffer *ab, int type);
-int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid)
+int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
{
+ struct audit_context *ctx = task->audit_context;
+
if (ctx) {
struct audit_buffer *ab;
@@ -1005,7 +1007,7 @@ int audit_set_loginuid(struct audit_cont
if (ab) {
audit_log_format(ab, "login pid=%d uid=%u "
"old loginuid=%u new loginuid=%u",
- ctx->pid, ctx->uid, ctx->loginuid, loginuid);
+ task->pid, task->uid, ctx->loginuid, loginuid);
audit_set_type(ab, AUDIT_LOGIN);
audit_log_end(ab);
}
7181
days inactive
7181
days old
linux-audit@lists.linux-audit.osci.io
2 comments
2 participants
participants (2)
-
Chris Wright -
Steve Grubb