[patch 1/2] audit: let userspace fully control TTY input auditing

Remove the code that automatically disables TTY input auditing in processes that open TTYs when they have no other TTY open; this heuristic was intended to automatically handle daemons, but it has false positives (e.g. with sshd) that make it impossible to control TTY input auditing from a PAM module. With this patch, TTY input auditing is controlled from user-space only. On the other hand, not even for daemons does it make sense to audit "input" from PTY masters; this data was produced by a program writing to the PTY slave, and does not represent data entered by the user. Signed-off-by: Miloslav Trmac <mitr@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Miloslav Trmac <mitr@redhat.com> 2008-04-18 16:30:14 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-04-28 06:28:24 -0400
commit: 41126226e186d92a45ed664e546abb5204588359 (patch)
tree: cd31de9587e81b01934fe95e574be109dd0129c7 /drivers/char/tty_audit.c
parent: 7719e437fac119e57b17588bab3a8e39ff9d22eb (diff)
1 files changed, 4 insertions, 50 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index caeedd12d494..6342b0534f4d 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -233,6 +233,10 @@ void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
        if (unlikely(size == 0))
                return;
+        if (tty->driver->type == TTY_DRIVER_TYPE_PTY
+            && tty->driver->subtype == PTY_TYPE_MASTER)
+                return;
        buf = tty_audit_buf_get(tty);
        if (!buf)
                return;
@@ -295,53 +299,3 @@ void tty_audit_push(struct tty_struct *tty)
                tty_audit_buf_put(buf);
        }
 }
-/**
- *      tty_audit_opening       -       A TTY is being opened.
- *
- *      As a special hack, tasks that close all their TTYs and open new ones
- *      are assumed to be system daemons (e.g. getty) and auditing is
- *      automatically disabled for them.
- */
-void tty_audit_opening(void)
-{
-        int disable;
-        disable = 1;
-        spin_lock_irq(&current->sighand->siglock);
-        if (current->signal->audit_tty == 0)
-                disable = 0;
-        spin_unlock_irq(&current->sighand->siglock);
-        if (!disable)
-                return;
-        task_lock(current);
-        if (current->files) {
-                struct fdtable *fdt;
-                unsigned i;
-                /*
-                 * We don't take a ref to the file, so we must hold ->file_lock
-                 * instead.
-                 */
-                spin_lock(&current->files->file_lock);
-                fdt = files_fdtable(current->files);
-                for (i = 0; i < fdt->max_fds; i++) {
-                        struct file *filp;
-                        filp = fcheck_files(current->files, i);
-                        if (filp && is_tty(filp)) {
-                                disable = 0;
-                                break;
-                        }
-                }
-                spin_unlock(&current->files->file_lock);
-        }
-        task_unlock(current);
-        if (!disable)
-                return;
-        spin_lock_irq(&current->sighand->siglock);
-        current->signal->audit_tty = 0;
-        spin_unlock_irq(&current->sighand->siglock);
-}
author	Miloslav Trmac <mitr@redhat.com>	2008-04-18 16:30:14 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-04-28 06:28:24 -0400
commit	41126226e186d92a45ed664e546abb5204588359 (patch)
tree	cd31de9587e81b01934fe95e574be109dd0129c7 /drivers/char/tty_audit.c
parent	7719e437fac119e57b17588bab3a8e39ff9d22eb (diff)

diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c index caeedd12d494..6342b0534f4d 100644 --- a/drivers/char/tty_audit.c +++ b/drivers/char/tty_audit.c
@@ -233,6 +233,10 @@ void tty_audit_add_data(struct tty_struct tty, unsigned char data,
233	if (unlikely(size == 0))	233	if (unlikely(size == 0))
234	return;	234	return;
235		235
		236	if (tty->driver->type == TTY_DRIVER_TYPE_PTY
		237	&& tty->driver->subtype == PTY_TYPE_MASTER)
		238	return;
		239
236	buf = tty_audit_buf_get(tty);	240	buf = tty_audit_buf_get(tty);
237	if (!buf)	241	if (!buf)
238	return;	242	return;
@@ -295,53 +299,3 @@ void tty_audit_push(struct tty_struct *tty)
295	tty_audit_buf_put(buf);	299	tty_audit_buf_put(buf);
296	}	300	}
297	}	301	}
298
299	/**
300	* tty_audit_opening - A TTY is being opened.
301	*
302	* As a special hack, tasks that close all their TTYs and open new ones
303	* are assumed to be system daemons (e.g. getty) and auditing is
304	* automatically disabled for them.
305	*/
306	void tty_audit_opening(void)
307	{
308	int disable;
309
310	disable = 1;
311	spin_lock_irq(&current->sighand->siglock);
312	if (current->signal->audit_tty == 0)
313	disable = 0;
314	spin_unlock_irq(&current->sighand->siglock);
315	if (!disable)
316	return;
317
318	task_lock(current);
319	if (current->files) {
320	struct fdtable *fdt;
321	unsigned i;
322
323	/*
324	* We don't take a ref to the file, so we must hold ->file_lock
325	* instead.
326	*/
327	spin_lock(&current->files->file_lock);
328	fdt = files_fdtable(current->files);
329	for (i = 0; i < fdt->max_fds; i++) {
330	struct file *filp;
331
332	filp = fcheck_files(current->files, i);
333	if (filp && is_tty(filp)) {
334	disable = 0;
335	break;
336	}
337	}
338	spin_unlock(&current->files->file_lock);
339	}
340	task_unlock(current);
341	if (!disable)
342	return;
343
344	spin_lock_irq(&current->sighand->siglock);
345	current->signal->audit_tty = 0;
346	spin_unlock_irq(&current->sighand->siglock);
347	}