author | Richard Guy Briggs <rgb@redhat.com> | 2014-03-15 18:42:34 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2014-09-23 16:37:56 -0400 |
commit | 9eab339b197a6903043d272295dcb716ff739b21 (patch) | |
tree | 4f8c204a04b59bc20e679f84f1d6b28f79fcce2c /kernel | |
parent | f874738e8c178b19479f7b143211a1df00367988 (diff) |
audit: get comm using lock to avoid race in string printing
When task->comm is passed directly to audit_log_untrustedstring() without
getting a copy or using the task_lock, there is a race that can place
a NUL (\0) byte in the output string, which effectively truncates
the rest of the report text after the comm= field in the audit record, losing fields.
Use get_task_comm() to get a copy while acquiring the task_lock to prevent
this and to prevent the result from being a mixture of old and new values of
comm.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/audit.c | 5 | ||||
-rw-r--r-- | kernel/auditsc.c | 3 |
2 files changed, 4 insertions, 4 deletions
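--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1850,7 +1850,7 @@ EXPORT_SYMBOL(audit_log_task_context);
 void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
 const struct cred *cred;
-char name[sizeof(tsk->comm)];
+char comm[sizeof(tsk->comm)];
 struct mm_struct *mm = tsk->mm;
 char *tty;
 
@@ -1884,9 +1884,8 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 from_kgid(&init_user_ns, cred->fsgid),
 tty, audit_get_sessionid(tsk));
 
-get_task_comm(name, tsk);
 audit_log_format(ab, " comm=");
-audit_log_untrustedstring(ab, name);
+audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
 
 if (mm) {
 down_read(&mm->mmap_sem);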
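Review bot: The `audit_log_untrustedstring(ab, get_task_comm(comm, tsk))` call now hides the locked copy inside an argument list and relies on get_task_comm() returning the buffer it was given, with no comment saying why a private copy is needed. In this file the old side already copied through `get_task_comm(name, tsk)`, so the change here is a rename and restructure rather than the race fix the description talks about. I would add above the call `/* copy comm under task_lock: a concurrent rename must not truncate the record */`. The body of audit_log_task_info continues outside both hunks.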
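--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2424,6 +2424,7 @@ static void audit_log_task(struct audit_buffer *ab)
 kgid_t gid;
 unsigned int sessionid;
 struct mm_struct *mm = current->mm;
+char comm[sizeof(current->comm)];
 
 auid = audit_get_loginuid(current);
 sessionid = audit_get_sessionid(current);
@@ -2436,7 +2437,7 @@ static void audit_log_task(struct audit_buffer *ab)
 sessionid);
 audit_log_task_context(ab);
 audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
-audit_log_untrustedstring(ab, current->comm);
+audit_log_untrustedstring(ab, get_task_comm(comm, current));
 if (mm) {
 down_read(&mm->mmap_sem);
 if (mm->exe_file)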
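Review bot: audit_log_task() now takes current's task_lock through `get_task_comm(comm, current)`, so it must never be reached with that lock already held, and no comment in the hunk records that constraint; the callers are outside the view. I would document it at the new buffer, e.g. `/* filled by get_task_comm(), which takes task_lock(current) */`. The diffstat is limited to kernel/, so any other site that still hands `->comm` straight to audit_log_untrustedstring() would keep the same record-truncation race and is worth a grep before treating the issue as closed. The function starts and ends outside these hunks.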