author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2013-12-24 06:49:01 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-03-07 11:32:28 -0500 |
commit | 73a6b44a003ad5dd1af9a8d05f01589dce7cd47a (patch) | |
tree | cd1ef257eeae49811df0b79a39f0d9a6f0cd5e22 | |
parent | d984ea604943bbeedde4e9715984eb942a298383 (diff) |
Integrity: Pass commname via get_task_comm()
When we pass task->comm to audit_log_untrustedstring(), we need to pass it
via get_task_comm() because task->comm can be changed by other threads to
contain an untrusted string after audit_log_untrustedstring() has confirmed
that task->comm does not contain an untrusted string.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r-- | security/integrity/integrity_audit.c | 3 |
1 files changed, 2 insertions, 1 deletions
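--- a/security/integrity/integrity_audit.c
+++ b/security/integrity/integrity_audit.c
@@ -33,6 +33,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
 const char *cause, int result, int audit_info)
 {
 struct audit_buffer *ab;
+char name[TASK_COMM_LEN];
 
 if (!integrity_audit_info && audit_info == 1) /* Skip info messages */
 return;
@@ -49,7 +50,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
 audit_log_format(ab, " cause=");
 audit_log_string(ab, cause);
 audit_log_format(ab, " comm=");
-audit_log_untrustedstring(ab, current->comm);
+audit_log_untrustedstring(ab, get_task_comm(name, current));
 if (fname) {
 audit_log_format(ab, " name=");
 audit_log_untrustedstring(ab, fname);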
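Review bot: The `get_task_comm(name, current)` call in the second hunk has no comment saying why the copy is needed, so a later cleanup could turn it back into `current->comm` and reintroduce the check-then-use race described in the commit message. I would add above the call: `/* copy comm first: current->comm may change between the untrusted-string check and the log write */`. The local buffer is also called `name`, which is easy to confuse with the `" name="` field logged from `fname` a few lines below; `comm` would read more clearly. integrity_audit_msg begins and ends outside the hunks shown, so any other use of `current->comm` in it is not visible here.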