diff options
| author | Eric Paris <eparis@redhat.com> | 2010-04-20 10:21:30 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-04-20 19:58:17 -0400 |
| commit | 2f1506cd82e0725ba00c7146a9a9b47824a5edcf (patch) | |
| tree | ac92c983ab10842e82e229c00b697566c6f20028 /security | |
| parent | 7233e3ee22b1506723411fe437bcf69f678e8cdd (diff) | |
IMA: use audit_log_untrusted_string rather than %s
Convert all of the places IMA calls audit_log_format with %s into
audit_log_untrusted_string(). This is going to cause them all to get
quoted, but it should make audit log injection harder.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index babc5009756d..778a735621f1 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
| @@ -255,6 +255,13 @@ static int ima_lsm_rule_init(struct ima_measure_rule_entry *entry, | |||
| 255 | return result; | 255 | return result; |
| 256 | } | 256 | } |
| 257 | 257 | ||
| 258 | static void ima_log_string(struct audit_buffer *ab, char *key, char *value) | ||
| 259 | { | ||
| 260 | audit_log_format(ab, "%s=", key); | ||
| 261 | audit_log_untrustedstring(ab, value); | ||
| 262 | audit_log_format(ab, " "); | ||
| 263 | } | ||
| 264 | |||
| 258 | static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | 265 | static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) |
| 259 | { | 266 | { |
| 260 | struct audit_buffer *ab; | 267 | struct audit_buffer *ab; |
| @@ -277,7 +284,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 277 | token = match_token(p, policy_tokens, args); | 284 | token = match_token(p, policy_tokens, args); |
| 278 | switch (token) { | 285 | switch (token) { |
| 279 | case Opt_measure: | 286 | case Opt_measure: |
| 280 | audit_log_format(ab, "%s ", "measure"); | 287 | ima_log_string(ab, "action", "measure"); |
| 281 | 288 | ||
| 282 | if (entry->action != UNKNOWN) | 289 | if (entry->action != UNKNOWN) |
| 283 | result = -EINVAL; | 290 | result = -EINVAL; |
| @@ -285,7 +292,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 285 | entry->action = MEASURE; | 292 | entry->action = MEASURE; |
| 286 | break; | 293 | break; |
| 287 | case Opt_dont_measure: | 294 | case Opt_dont_measure: |
| 288 | audit_log_format(ab, "%s ", "dont_measure"); | 295 | ima_log_string(ab, "action", "dont_measure"); |
| 289 | 296 | ||
| 290 | if (entry->action != UNKNOWN) | 297 | if (entry->action != UNKNOWN) |
| 291 | result = -EINVAL; | 298 | result = -EINVAL; |
| @@ -293,7 +300,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 293 | entry->action = DONT_MEASURE; | 300 | entry->action = DONT_MEASURE; |
| 294 | break; | 301 | break; |
| 295 | case Opt_func: | 302 | case Opt_func: |
| 296 | audit_log_format(ab, "func=%s ", args[0].from); | 303 | ima_log_string(ab, "func", args[0].from); |
| 297 | 304 | ||
| 298 | if (entry->func) | 305 | if (entry->func) |
| 299 | result = -EINVAL; | 306 | result = -EINVAL; |
| @@ -313,7 +320,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 313 | entry->flags |= IMA_FUNC; | 320 | entry->flags |= IMA_FUNC; |
| 314 | break; | 321 | break; |
| 315 | case Opt_mask: | 322 | case Opt_mask: |
| 316 | audit_log_format(ab, "mask=%s ", args[0].from); | 323 | ima_log_string(ab, "mask", args[0].from); |
| 317 | 324 | ||
| 318 | if (entry->mask) | 325 | if (entry->mask) |
| 319 | result = -EINVAL; | 326 | result = -EINVAL; |
| @@ -332,7 +339,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 332 | entry->flags |= IMA_MASK; | 339 | entry->flags |= IMA_MASK; |
| 333 | break; | 340 | break; |
| 334 | case Opt_fsmagic: | 341 | case Opt_fsmagic: |
| 335 | audit_log_format(ab, "fsmagic=%s ", args[0].from); | 342 | ima_log_string(ab, "fsmagic", args[0].from); |
| 336 | 343 | ||
| 337 | if (entry->fsmagic) { | 344 | if (entry->fsmagic) { |
| 338 | result = -EINVAL; | 345 | result = -EINVAL; |
| @@ -345,7 +352,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 345 | entry->flags |= IMA_FSMAGIC; | 352 | entry->flags |= IMA_FSMAGIC; |
| 346 | break; | 353 | break; |
| 347 | case Opt_uid: | 354 | case Opt_uid: |
| 348 | audit_log_format(ab, "uid=%s ", args[0].from); | 355 | ima_log_string(ab, "uid", args[0].from); |
| 349 | 356 | ||
| 350 | if (entry->uid != -1) { | 357 | if (entry->uid != -1) { |
| 351 | result = -EINVAL; | 358 | result = -EINVAL; |
| @@ -362,44 +369,44 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 362 | } | 369 | } |
| 363 | break; | 370 | break; |
| 364 | case Opt_obj_user: | 371 | case Opt_obj_user: |
| 365 | audit_log_format(ab, "obj_user=%s ", args[0].from); | 372 | ima_log_string(ab, "obj_user", args[0].from); |
| 366 | result = ima_lsm_rule_init(entry, args[0].from, | 373 | result = ima_lsm_rule_init(entry, args[0].from, |
| 367 | LSM_OBJ_USER, | 374 | LSM_OBJ_USER, |
| 368 | AUDIT_OBJ_USER); | 375 | AUDIT_OBJ_USER); |
| 369 | break; | 376 | break; |
| 370 | case Opt_obj_role: | 377 | case Opt_obj_role: |
| 371 | audit_log_format(ab, "obj_role=%s ", args[0].from); | 378 | ima_log_string(ab, "obj_role", args[0].from); |
| 372 | result = ima_lsm_rule_init(entry, args[0].from, | 379 | result = ima_lsm_rule_init(entry, args[0].from, |
| 373 | LSM_OBJ_ROLE, | 380 | LSM_OBJ_ROLE, |
| 374 | AUDIT_OBJ_ROLE); | 381 | AUDIT_OBJ_ROLE); |
| 375 | break; | 382 | break; |
| 376 | case Opt_obj_type: | 383 | case Opt_obj_type: |
| 377 | audit_log_format(ab, "obj_type=%s ", args[0].from); | 384 | ima_log_string(ab, "obj_type", args[0].from); |
| 378 | result = ima_lsm_rule_init(entry, args[0].from, | 385 | result = ima_lsm_rule_init(entry, args[0].from, |
| 379 | LSM_OBJ_TYPE, | 386 | LSM_OBJ_TYPE, |
| 380 | AUDIT_OBJ_TYPE); | 387 | AUDIT_OBJ_TYPE); |
| 381 | break; | 388 | break; |
| 382 | case Opt_subj_user: | 389 | case Opt_subj_user: |
| 383 | audit_log_format(ab, "subj_user=%s ", args[0].from); | 390 | ima_log_string(ab, "subj_user", args[0].from); |
| 384 | result = ima_lsm_rule_init(entry, args[0].from, | 391 | result = ima_lsm_rule_init(entry, args[0].from, |
| 385 | LSM_SUBJ_USER, | 392 | LSM_SUBJ_USER, |
| 386 | AUDIT_SUBJ_USER); | 393 | AUDIT_SUBJ_USER); |
| 387 | break; | 394 | break; |
| 388 | case Opt_subj_role: | 395 | case Opt_subj_role: |
| 389 | audit_log_format(ab, "subj_role=%s ", args[0].from); | 396 | ima_log_string(ab, "subj_role", args[0].from); |
| 390 | result = ima_lsm_rule_init(entry, args[0].from, | 397 | result = ima_lsm_rule_init(entry, args[0].from, |
| 391 | LSM_SUBJ_ROLE, | 398 | LSM_SUBJ_ROLE, |
| 392 | AUDIT_SUBJ_ROLE); | 399 | AUDIT_SUBJ_ROLE); |
| 393 | break; | 400 | break; |
| 394 | case Opt_subj_type: | 401 | case Opt_subj_type: |
| 395 | audit_log_format(ab, "subj_type=%s ", args[0].from); | 402 | ima_log_string(ab, "subj_type", args[0].from); |
| 396 | result = ima_lsm_rule_init(entry, args[0].from, | 403 | result = ima_lsm_rule_init(entry, args[0].from, |
| 397 | LSM_SUBJ_TYPE, | 404 | LSM_SUBJ_TYPE, |
| 398 | AUDIT_SUBJ_TYPE); | 405 | AUDIT_SUBJ_TYPE); |
| 399 | break; | 406 | break; |
| 400 | case Opt_err: | 407 | case Opt_err: |
| 408 | ima_log_string(ab, "UNKNOWN", p); | ||
| 401 | result = -EINVAL; | 409 | result = -EINVAL; |
| 402 | audit_log_format(ab, "UNKNOWN=%s ", p); | ||
| 403 | break; | 410 | break; |
| 404 | } | 411 | } |
| 405 | } | 412 | } |