diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-11 02:10:16 -0400 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-17 21:03:31 -0400 |
commit | 02276bda4a2bf094fcde89fb5db4d9e86347ebf4 (patch) | |
tree | 7f06da4dd9757c353133b9c512334daf96cfec1e /kernel/audit.c | |
parent | 34e36d8ecbd958bc15f8e63deade1227de337eb1 (diff) |
audit: Use current instead of NETLINK_CREDS() in audit_filter
Get caller process uid and gid and pid values from the current task
instead of the NETLINK_CB. This is simpler than passing NETLINK_CREDS
from from audit_receive_msg to audit_filter_user_rules and avoid the
chance of being hit by the occassional bugs in netlink uid/gid
credential passing. This is a safe changes because all netlink
requests are processed in the task of the sending process.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 7b7268e3073b..fecb1507b485 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -744,7 +744,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
744 | if (!audit_enabled && msg_type != AUDIT_USER_AVC) | 744 | if (!audit_enabled && msg_type != AUDIT_USER_AVC) |
745 | return 0; | 745 | return 0; |
746 | 746 | ||
747 | err = audit_filter_user(&NETLINK_CB(skb)); | 747 | err = audit_filter_user(); |
748 | if (err == 1) { | 748 | if (err == 1) { |
749 | err = 0; | 749 | err = 0; |
750 | if (msg_type == AUDIT_USER_TTY) { | 750 | if (msg_type == AUDIT_USER_TTY) { |