author | Alexander Viro <aviro@redhat.com> | 2006-09-29 00:08:50 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-10-04 08:31:19 -0400 |
commit | 419c58f11fb732cc8bd1335fa43e0decb34e0be3 (patch) | |
tree | 7eb03026bd7e102d235ccc02f81daf1127d93358 | |
parent | 4b8a311bb161a3bd2ab44311f42c526b6dc76270 (diff) |
[PATCH] PPID filtering fix
On Thu, Sep 28, 2006 at 04:03:06PM -0400, Eric Paris wrote:
> After some looking I did not see a way to get into audit_log_exit
> without having set the ppid. So I am dropping the set from there and
> only doing it at the beginning.
>
> Please comment/ack/nak as soon as possible.
Ehh... That's one hell of an overhead to be had ;-/ Let's be lazy.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | kernel/auditsc.c | 9 |
1 files changed, 7 insertions, 2 deletions
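--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -278,8 +278,11 @@ static int audit_filter_rules(struct task_struct *tsk,
 result = audit_comparator(tsk->pid, f->op, f->val);
 break;
 case AUDIT_PPID:
-if (ctx)
+if (ctx) {
+if (!ctx->ppid)
+ctx->ppid = sys_getppid();
 result = audit_comparator(ctx->ppid, f->op, f->val);
+}
 break;
 case AUDIT_UID:
 result = audit_comparator(tsk->uid, f->op, f->val);
@@ -795,7 +798,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 
 /* tsk == current */
 context->pid = tsk->pid;
-context->ppid = sys_getppid(); /* sic. tsk == current in all cases */
+if (!context->ppid)
+context->ppid = sys_getppid();
 context->uid = tsk->uid;
 context->gid = tsk->gid;
 context->euid = tsk->euid;
@@ -1137,6 +1141,7 @@ void audit_syscall_entry(int arch, int major,
 context->ctime = CURRENT_TIME;
 context->in_syscall = 1;
 context->auditable = !!(state == AUDIT_RECORD_CONTEXT);
+context->ppid = 0;
 }
 
 /**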
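Review bot: The new lazy fill in the `AUDIT_PPID` case of audit_filter_rules() calls `sys_getppid()`, which reports on the calling task, while the neighbouring cases read `tsk->pid` and `tsk->uid`; nothing visible in that hunk states that `tsk == current` whenever `ctx` is non-NULL, and the commit drops the one comment in audit_log_exit() that recorded the assumption. If the assumption ever fails, a PPID rule would be evaluated against the wrong process's parent and the cached value would then be written to the exit record, so it is worth stating at the call site, e.g. `/* ctx != NULL implies tsk == current, so sys_getppid() is tsk's parent */`. A short note that `ppid == 0` means "not yet looked up for this syscall" (reset in audit_syscall_entry()) would also help, since a task whose parent id really is 0 simply repeats the lookup on every check. All three functions start and end outside their hunks, so their callers could not be checked here.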