aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2006-09-28 17:46:21 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2006-10-04 08:31:16 -0400
commit4b8a311bb161a3bd2ab44311f42c526b6dc76270 (patch)
treea2a269d8292ebcb8020c6748dad340bf74566979
parent78b656b8bf933101b42409b4492734b23427bfc3 (diff)
[PATCH] arch filter lists with < or > should not be accepted
Currently the kernel audit system represents arch's as numbers and will gladly accept comparisons between archs using >, <, >=, <= when the only thing that makes sense is = or !=. I'm told that the next revision of auditctl will do this checking but this will provide enforcement in the kernel even for old userspace. A simple command to show the issue would be to run auditctl -d entry,always -F arch>i686 -S chmod with this patch the kernel will reject this with -EINVAL Please comment/ack/nak as soon as possible. -Eric kernel/auditfilter.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--kernel/auditfilter.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 1a58a81fb09d..4f40d923af8e 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -411,7 +411,6 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
411 case AUDIT_FSGID: 411 case AUDIT_FSGID:
412 case AUDIT_LOGINUID: 412 case AUDIT_LOGINUID:
413 case AUDIT_PERS: 413 case AUDIT_PERS:
414 case AUDIT_ARCH:
415 case AUDIT_MSGTYPE: 414 case AUDIT_MSGTYPE:
416 case AUDIT_PPID: 415 case AUDIT_PPID:
417 case AUDIT_DEVMAJOR: 416 case AUDIT_DEVMAJOR:
@@ -423,6 +422,14 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
423 case AUDIT_ARG2: 422 case AUDIT_ARG2:
424 case AUDIT_ARG3: 423 case AUDIT_ARG3:
425 break; 424 break;
425 /* arch is only allowed to be = or != */
426 case AUDIT_ARCH:
427 if ((f->op != AUDIT_NOT_EQUAL) && (f->op != AUDIT_EQUAL)
428 && (f->op != AUDIT_NEGATE) && (f->op)) {
429 err = -EINVAL;
430 goto exit_free;
431 }
432 break;
426 case AUDIT_PERM: 433 case AUDIT_PERM:
427 if (f->val & ~15) 434 if (f->val & ~15)
428 goto exit_free; 435 goto exit_free;