author | Richard Guy Briggs <rgb@redhat.com> | 2013-09-16 18:20:42 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2013-11-05 11:06:49 -0500 |
commit | b50eba7e2d534762a19a7207dda012f09302a8d2 (patch) | |
tree | 3b9f2e1c2f591648d2e9c64a66e7d01bf4e47c3a | |
parent | 6e4664525b1db28f8c4e1130957f70a94c19213e (diff) |
audit: format user messages to size of MAX_AUDIT_MESSAGE_LENGTH
Messages of type AUDIT_USER_TTY were being formatted to 1024 octets,
truncating messages approaching MAX_AUDIT_MESSAGE_LENGTH (8970 octets).
Set the formatting to 8560 characters, given maximum estimates for prefix and
suffix budgets.
See the problem discussion:
https://www.redhat.com/archives/linux-audit/2009-January/msg00030.html
And the new size rationale:
https://www.redhat.com/archives/linux-audit/2013-September/msg00016.html
Test ~8k messages with:
auditctl -m "$(for i in $(seq -w 001 820);do echo -n "${i}0______";done)"
Reported-by: LC Bruzenak <lenny@magitekltd.com>
Reported-by: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | include/uapi/linux/audit.h | 6 | ||||
-rw-r--r-- | kernel/audit.c | 3 |
2 files changed, 8 insertions, 1 deletions
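--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -358,6 +358,12 @@ enum {
 #define AUDIT_PERM_READ 4
 #define AUDIT_PERM_ATTR 8
 
+/* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as:
+* 8970 // PATH_MAX*2+CONTEXT_SIZE*2+11+256+1
+* max header+body+tailer: 44 + 29 + 32 + 262 + 7 + pad
+*/
+#define AUDIT_MESSAGE_TEXT_MAX 8560
+
 struct audit_status {
 __u32 mask; /* Bit mask for valid entries */
 __u32 enabled; /* 1 = enabled, 0 = disabled */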
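Review bot: The comment above `AUDIT_MESSAGE_TEXT_MAX` lists the inputs but never states how 8560 follows from them, so a later reader cannot tell whether the value is still correct if the userspace limit changes. The listed budgets sum to 374, which leaves 8596 of the 8970 octets, so 8560 implies a pad of 36. I would add a line such as `* AUDIT_MESSAGE_TEXT_MAX = 8970 - (44 + 29 + 32 + 262 + 7) - 36 (pad) = 8560`. It would also help to note that the value must stay below libaudit's MAX_AUDIT_MESSAGE_LENGTH, and that text beyond it is silently truncated in the audit record, which matters to anyone relying on these records as evidence.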
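--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -715,7 +715,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 }
 audit_log_common_recv_msg(&ab, msg_type);
 if (msg_type != AUDIT_USER_TTY)
-audit_log_format(ab, " msg='%.1024s'",
+audit_log_format(ab, " msg='%.*s'",
+AUDIT_MESSAGE_TEXT_MAX,
 (char *)data);
 else {
 int size;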
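Review bot: The precision handed to `%.*s` is a fixed ceiling rather than the length of the received netlink payload, and no terminator or length check on `data` is visible in this hunk. If userspace sends a message without a trailing NUL, the format keeps reading until it finds one or reaches the limit, and raising that limit from 1024 to 8560 widens how far past the payload it can go. Consider bounding the precision by the received length as well, for example `min_t(int, nlmsg_len(nlh), AUDIT_MESSAGE_TEXT_MAX)` in place of the bare constant. audit_receive_msg begins and ends outside the hunk, so an earlier check may already guarantee termination; if so, a one-line comment at this call saying where would settle it.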