diff options
| author | Eric Paris <eparis@redhat.com> | 2009-06-11 14:31:37 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-06-24 00:00:52 -0400 |
| commit | 9d9609851003ebed15957f0f2ce18492739ee124 (patch) | |
| tree | 2c116865d2f239b5596b22a3a79eecc82f5e1299 /kernel | |
| parent | 35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b (diff) | |
Audit: clean up all op= output to include string quoting
A number of places in the audit system we send an op= followed by a string
that includes spaces. Somehow this works but it's just wrong. This patch
moves all of those that I could find to be quoted.
Example:
Change From: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op=remove rule
key="number2" list=4 res=0
Change To: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op="remove rule"
key="number2" list=4 res=0
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/audit.c | 9 | ||||
| -rw-r--r-- | kernel/audit_tree.c | 10 | ||||
| -rw-r--r-- | kernel/audit_watch.c | 6 | ||||
| -rw-r--r-- | kernel/auditfilter.c | 12 | ||||
| -rw-r--r-- | kernel/auditsc.c | 8 |
5 files changed, 21 insertions, 24 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index e07ad2340dbe..6194c50e2039 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -1450,6 +1450,15 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix, | |||
| 1450 | kfree(pathname); | 1450 | kfree(pathname); |
| 1451 | } | 1451 | } |
| 1452 | 1452 | ||
| 1453 | void audit_log_key(struct audit_buffer *ab, char *key) | ||
| 1454 | { | ||
| 1455 | audit_log_format(ab, " key="); | ||
| 1456 | if (key) | ||
| 1457 | audit_log_untrustedstring(ab, key); | ||
| 1458 | else | ||
| 1459 | audit_log_format(ab, "(null)"); | ||
| 1460 | } | ||
| 1461 | |||
| 1453 | /** | 1462 | /** |
| 1454 | * audit_log_end - end one audit record | 1463 | * audit_log_end - end one audit record |
| 1455 | * @ab: the audit_buffer | 1464 | * @ab: the audit_buffer |
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 1f6396d76687..3ff0731284a1 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c | |||
| @@ -441,13 +441,11 @@ static void kill_rules(struct audit_tree *tree) | |||
| 441 | if (rule->tree) { | 441 | if (rule->tree) { |
| 442 | /* not a half-baked one */ | 442 | /* not a half-baked one */ |
| 443 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); | 443 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); |
| 444 | audit_log_format(ab, "op=remove rule dir="); | 444 | audit_log_format(ab, "op="); |
| 445 | audit_log_string(ab, "remove rule"); | ||
| 446 | audit_log_format(ab, " dir="); | ||
| 445 | audit_log_untrustedstring(ab, rule->tree->pathname); | 447 | audit_log_untrustedstring(ab, rule->tree->pathname); |
| 446 | if (rule->filterkey) { | 448 | audit_log_key(ab, rule->filterkey); |
| 447 | audit_log_format(ab, " key="); | ||
| 448 | audit_log_untrustedstring(ab, rule->filterkey); | ||
| 449 | } else | ||
| 450 | audit_log_format(ab, " key=(null)"); | ||
| 451 | audit_log_format(ab, " list=%d res=1", rule->listnr); | 449 | audit_log_format(ab, " list=%d res=1", rule->listnr); |
| 452 | audit_log_end(ab); | 450 | audit_log_end(ab); |
| 453 | rule->tree = NULL; | 451 | rule->tree = NULL; |
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index b49ab019fdff..0e96dbc60ea9 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c | |||
| @@ -234,11 +234,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc | |||
| 234 | audit_log_string(ab, op); | 234 | audit_log_string(ab, op); |
| 235 | audit_log_format(ab, " path="); | 235 | audit_log_format(ab, " path="); |
| 236 | audit_log_untrustedstring(ab, w->path); | 236 | audit_log_untrustedstring(ab, w->path); |
| 237 | if (r->filterkey) { | 237 | audit_log_key(ab, r->filterkey); |
| 238 | audit_log_format(ab, " key="); | ||
| 239 | audit_log_untrustedstring(ab, r->filterkey); | ||
| 240 | } else | ||
| 241 | audit_log_format(ab, " key=(null)"); | ||
| 242 | audit_log_format(ab, " list=%d res=1", r->listnr); | 238 | audit_log_format(ab, " list=%d res=1", r->listnr); |
| 243 | audit_log_end(ab); | 239 | audit_log_end(ab); |
| 244 | } | 240 | } |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 21b623595aad..a70604047f3c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -1079,11 +1079,9 @@ static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid, | |||
| 1079 | security_release_secctx(ctx, len); | 1079 | security_release_secctx(ctx, len); |
| 1080 | } | 1080 | } |
| 1081 | } | 1081 | } |
| 1082 | audit_log_format(ab, " op=%s rule key=", action); | 1082 | audit_log_format(ab, " op="); |
| 1083 | if (rule->filterkey) | 1083 | audit_log_string(ab, action); |
| 1084 | audit_log_untrustedstring(ab, rule->filterkey); | 1084 | audit_log_key(ab, rule->filterkey); |
| 1085 | else | ||
| 1086 | audit_log_format(ab, "(null)"); | ||
| 1087 | audit_log_format(ab, " list=%d res=%d", rule->listnr, res); | 1085 | audit_log_format(ab, " list=%d res=%d", rule->listnr, res); |
| 1088 | audit_log_end(ab); | 1086 | audit_log_end(ab); |
| 1089 | } | 1087 | } |
| @@ -1147,7 +1145,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
| 1147 | return PTR_ERR(entry); | 1145 | return PTR_ERR(entry); |
| 1148 | 1146 | ||
| 1149 | err = audit_add_rule(entry); | 1147 | err = audit_add_rule(entry); |
| 1150 | audit_log_rule_change(loginuid, sessionid, sid, "add", | 1148 | audit_log_rule_change(loginuid, sessionid, sid, "add rule", |
| 1151 | &entry->rule, !err); | 1149 | &entry->rule, !err); |
| 1152 | 1150 | ||
| 1153 | if (err) | 1151 | if (err) |
| @@ -1163,7 +1161,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
| 1163 | return PTR_ERR(entry); | 1161 | return PTR_ERR(entry); |
| 1164 | 1162 | ||
| 1165 | err = audit_del_rule(entry); | 1163 | err = audit_del_rule(entry); |
| 1166 | audit_log_rule_change(loginuid, sessionid, sid, "remove", | 1164 | audit_log_rule_change(loginuid, sessionid, sid, "remove rule", |
| 1167 | &entry->rule, !err); | 1165 | &entry->rule, !err); |
| 1168 | 1166 | ||
| 1169 | audit_free_rule(entry); | 1167 | audit_free_rule(entry); |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 0b862cac6ca2..2de95d1582bc 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -1137,7 +1137,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, | |||
| 1137 | if (has_cntl) | 1137 | if (has_cntl) |
| 1138 | audit_log_n_hex(*ab, buf, to_send); | 1138 | audit_log_n_hex(*ab, buf, to_send); |
| 1139 | else | 1139 | else |
| 1140 | audit_log_format(*ab, "\"%s\"", buf); | 1140 | audit_log_string(*ab, buf); |
| 1141 | 1141 | ||
| 1142 | p += to_send; | 1142 | p += to_send; |
| 1143 | len_left -= to_send; | 1143 | len_left -= to_send; |
| @@ -1372,11 +1372,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
| 1372 | 1372 | ||
| 1373 | 1373 | ||
| 1374 | audit_log_task_info(ab, tsk); | 1374 | audit_log_task_info(ab, tsk); |
| 1375 | if (context->filterkey) { | 1375 | audit_log_key(ab, context->filterkey); |
| 1376 | audit_log_format(ab, " key="); | ||
| 1377 | audit_log_untrustedstring(ab, context->filterkey); | ||
| 1378 | } else | ||
| 1379 | audit_log_format(ab, " key=(null)"); | ||
| 1380 | audit_log_end(ab); | 1376 | audit_log_end(ab); |
| 1381 | 1377 | ||
| 1382 | for (aux = context->aux; aux; aux = aux->next) { | 1378 | for (aux = context->aux; aux; aux = aux->next) { |