authorRichard Guy Briggs <rgb@redhat.com>2013-12-11 13:52:26 -0500
committerEric Paris <eparis@redhat.com>2014-03-20 10:11:55 -0400
commitf1dc4867ff41b7bcca57fa19449d1fe7ad517ac1 (patch)
tree873f8e7625dc54ae20a0cc2513fb6a33027f36d7
parentc92cdeb45eea38515e82187f48c2e4f435fb4e25 (diff)
audit: anchor all pid references in the initial pid namespace
Store and log all PIDs with reference to the initial PID namespace and use the access functions task_pid_nr() and task_tgid_nr() for task->pid and task->tgid. Cc: "Eric W. Biederman" <ebiederm@xmission.com> (informed by ebiederman's c776b5d2) Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
-rw-r--r--drivers/tty/tty_audit.c3
-rw-r--r--kernel/audit.c5
-rw-r--r--kernel/auditfilter.c17
-rw-r--r--kernel/auditsc.c16
-rw-r--r--security/integrity/integrity_audit.c2
-rw-r--r--security/lsm_audit.c11
6 files changed, 38 insertions, 16 deletions
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index b0e540137e39..90ca082935f6 100644
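--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -65,6 +65,7 @@ static void tty_audit_log(const char *description, int major, int minor,
 {
 struct audit_buffer *ab;
 struct task_struct *tsk = current;
+pid_t pid = task_pid_nr(tsk);
 uid_t uid = from_kuid(&init_user_ns, task_uid(tsk));
 uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(tsk));
 unsigned int sessionid = audit_get_sessionid(tsk);
@@ -74,7 +75,7 @@ static void tty_audit_log(const char *description, int major, int minor,
 char name[sizeof(tsk->comm)];
 
 audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u major=%d"
-" minor=%d comm=", description, tsk->pid, uid,
+" minor=%d comm=", description, pid, uid,
 loginuid, sessionid, major, minor);
 get_task_comm(name, tsk);
 audit_log_untrustedstring(ab, name);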
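Review bot: The new `pid_t pid` local is still printed with `pid=%u` in the `audit_log_format()` call of the second hunk, while the other records touched by this commit print their PID with `pid=%d`; `pid_t` is a signed type, so the conversion does not match the argument. Since the argument is being replaced anyway, the format could be aligned in the same change: `audit_log_format(ab, "%s pid=%d uid=%u auid=%u ses=%u major=%d"`. Valid PIDs print identically either way, so log consumers should see no difference. tty_audit_log() continues outside both hunks.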
diff --git a/kernel/audit.c b/kernel/audit.c
index e1e1b2137048..5a096f8e28cb 100644
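--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -649,6 +649,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
 {
 int rc = 0;
 uid_t uid = from_kuid(&init_user_ns, current_uid());
+pid_t pid = task_tgid_nr(current);
 
 if (!audit_enabled && msg_type != AUDIT_USER_AVC) {
 *ab = NULL;
@@ -658,7 +659,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
 if (unlikely(!*ab))
 return rc;
-audit_log_format(*ab, "pid=%d uid=%u", task_tgid_vnr(current), uid);
+audit_log_format(*ab, "pid=%d uid=%u", pid, uid);
 audit_log_session_info(*ab);
 audit_log_task_context(*ab);
 
@@ -1823,7 +1824,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 " euid=%u suid=%u fsuid=%u"
 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
 task_ppid_nr(tsk),
-tsk->pid,
+task_pid_nr(tsk),
 from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
 from_kuid(&init_user_ns, cred->uid),
 from_kgid(&init_user_ns, cred->gid),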
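Review bot: In audit_log_common_recv_msg() the new local named `pid` is filled from `task_tgid_nr(current)`, so the `pid=` field of this record is a thread-group id, whereas audit_log_task_info() in the third hunk writes `task_pid_nr(tsk)` under the same key; nothing in the code tells a log reader which of the two to expect. The second hunk also moves the record from the sender's own namespace view (`task_tgid_vnr`) to the initial namespace, which changes the number a sender inside a PID namespace will find in records about itself. A short comment on the declaration would make both points explicit, for example `/* sender's tgid as seen from the initial pid namespace; logged as pid= */`. Both functions extend beyond the hunks shown.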
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 549bbb6e6597..96c8a704f130 100644
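--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -433,6 +433,19 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
 f->val = 0;
 }
 
+if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) {
+struct pid *pid;
+rcu_read_lock();
+pid = find_vpid(f->val);
+if (!pid) {
+rcu_read_unlock();
+err = -ESRCH;
+goto exit_free;
+}
+f->val = pid_nr(pid);
+rcu_read_unlock();
+}
+
 err = audit_field_valid(entry, f);
 if (err)
 goto exit_free;
@@ -1242,12 +1255,14 @@ static int audit_filter_user_rules(struct audit_krule *rule, int type,
 
 for (i = 0; i < rule->field_count; i++) {
 struct audit_field *f = &rule->fields[i];
+pid_t pid;
 int result = 0;
 u32 sid;
 
 switch (f->type) {
 case AUDIT_PID:
-result = audit_comparator(task_pid_vnr(current), f->op, f->val);
+pid = task_pid_nr(current);
+result = audit_comparator(pid, f->op, f->val);
 break;
 case AUDIT_UID:
 result = audit_uid_comparator(current_uid(), f->op, f->uid);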
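Review bot: The new AUDIT_PID/AUDIT_PPID block in audit_data_to_entry() resolves `f->val` with `find_vpid()` when the rule is parsed, so a rule that names a PID with no live process in the caller's namespace is now rejected with -ESRCH, and the number stored in `f->val` is a snapshot that would keep matching whatever process later receives that PID. If this function also parses the rule supplied for deletion, or the stored value is echoed back when rules are listed (neither is visible here), a rule could become impossible to remove by its original specification once the target exits, and the listed value would differ from the one supplied. The translation also runs before `audit_field_valid()` has checked the field. I would move the block below that check and state the contract in a comment, e.g. `/* f->val arrives as a pid in the caller's namespace and is stored as the init-namespace number; -ESRCH if no such process exists now */`. The function continues outside the hunk.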
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a6cf7ab56e61..6381f25ac3d4 100644
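--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -457,10 +457,12 @@ static int audit_filter_rules(struct task_struct *tsk,
 struct audit_field *f = &rule->fields[i];
 struct audit_names *n;
 int result = 0;
+pid_t pid;
 
 switch (f->type) {
 case AUDIT_PID:
-result = audit_comparator(tsk->pid, f->op, f->val);
+pid = task_pid_nr(tsk);
+result = audit_comparator(pid, f->op, f->val);
 break;
 case AUDIT_PPID:
 if (ctx) {
@@ -2051,7 +2053,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
 audit_log_format(ab, "pid=%d uid=%u"
 " old-auid=%u new-auid=%u old-ses=%u new-ses=%u"
 " res=%d",
-current->pid, uid,
+task_pid_nr(current), uid,
 oldloginuid, loginuid, oldsessionid, sessionid,
 !rc);
 audit_log_end(ab);
@@ -2275,7 +2277,7 @@ void __audit_ptrace(struct task_struct *t)
 {
 struct audit_context *context = current->audit_context;
 
-context->target_pid = t->pid;
+context->target_pid = task_pid_nr(t);
 context->target_auid = audit_get_loginuid(t);
 context->target_uid = task_uid(t);
 context->target_sessionid = audit_get_sessionid(t);
@@ -2300,7 +2302,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
 
 if (audit_pid && t->tgid == audit_pid) {
 if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
-audit_sig_pid = tsk->pid;
+audit_sig_pid = task_pid_nr(tsk);
 if (uid_valid(tsk->loginuid))
 audit_sig_uid = tsk->loginuid;
 else
@@ -2314,7 +2316,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
 /* optimize the common case by putting first signal recipient directly
 * in audit_context */
 if (!ctx->target_pid) {
-ctx->target_pid = t->tgid;
+ctx->target_pid = task_tgid_nr(t);
 ctx->target_auid = audit_get_loginuid(t);
 ctx->target_uid = t_uid;
 ctx->target_sessionid = audit_get_sessionid(t);
@@ -2335,7 +2337,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
 }
 BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS);
 
-axp->target_pid[axp->pid_count] = t->tgid;
+axp->target_pid[axp->pid_count] = task_tgid_nr(t);
 axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
 axp->target_uid[axp->pid_count] = t_uid;
 axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
@@ -2435,7 +2437,7 @@ static void audit_log_task(struct audit_buffer *ab)
 from_kgid(&init_user_ns, gid),
 sessionid);
 audit_log_task_context(ab);
-audit_log_format(ab, " pid=%d comm=", current->pid);
+audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
 audit_log_untrustedstring(ab, current->comm);
 if (mm) {
 down_read(&mm->mmap_sem);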
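Review bot: In the first __audit_signal_info() hunk the condition `if (audit_pid && t->tgid == audit_pid)` still reads the field directly, while the assignment below it and those in the next two hunks were converted to `task_pid_nr()`/`task_tgid_nr()`. For consistency with the stated goal of the commit it could read `if (audit_pid && task_tgid_nr(t) == audit_pid) {`. Which namespace `audit_pid` is recorded in is not visible on this page, so whether this comparison holds for an audit daemon started inside a PID namespace is worth confirming separately. The function starts and ends outside these hunks.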
diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c
index d7efb30404aa..85253b584791 100644
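--- a/security/integrity/integrity_audit.c
+++ b/security/integrity/integrity_audit.c
@@ -39,7 +39,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
 
 ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
 audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
-current->pid,
+task_pid_nr(current),
 from_kuid(&init_user_ns, current_cred()->uid),
 from_kuid(&init_user_ns, audit_get_loginuid(current)),
 audit_get_sessionid(current));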
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 9a62045e6282..69fdf3bc765b 100644
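--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -220,7 +220,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
 */
 BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
 
-audit_log_format(ab, " pid=%d comm=", tsk->pid);
+audit_log_format(ab, " pid=%d comm=", task_pid_nr(tsk));
 audit_log_untrustedstring(ab, tsk->comm);
 
 switch (a->type) {
@@ -278,9 +278,12 @@ static void dump_common_audit_data(struct audit_buffer *ab,
 }
 case LSM_AUDIT_DATA_TASK:
 tsk = a->u.tsk;
-if (tsk && tsk->pid) {
-audit_log_format(ab, " pid=%d comm=", tsk->pid);
-audit_log_untrustedstring(ab, tsk->comm);
+if (tsk) {
+pid_t pid = task_pid_nr(tsk);
+if (pid) {
+audit_log_format(ab, " pid=%d comm=", pid);
+audit_log_untrustedstring(ab, tsk->comm);
+}
 }
 break;
 case LSM_AUDIT_DATA_NET: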
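Review bot: In the LSM_AUDIT_DATA_TASK case the rewritten block still passes `tsk->comm` straight to `audit_log_untrustedstring()`, although `tsk` here comes from `a->u.tsk` and need not be the current task, so the name may be read while its owner is changing it. tty_audit_log() in this same commit takes a stable copy first, and the same pattern would fit here, provided the calling context allows it (not visible on this page): `char comm[sizeof(tsk->comm)];`, `get_task_comm(comm, tsk);`, `audit_log_untrustedstring(ab, comm);`. The `tsk->comm` use in the first hunk has the same shape. dump_common_audit_data() extends beyond both hunks.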