aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2013-12-24 06:49:01 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-03-07 11:32:28 -0500
commit73a6b44a003ad5dd1af9a8d05f01589dce7cd47a (patch)
treecd1ef257eeae49811df0b79a39f0d9a6f0cd5e22 /security
parentd984ea604943bbeedde4e9715984eb942a298383 (diff)
Integrity: Pass commname via get_task_comm()
When we pass task->comm to audit_log_untrustedstring(), we need to pass it via get_task_comm() because task->comm can be changed to contain untrusted string by other threads after audit_log_untrustedstring() confirmed that task->comm does not contain untrusted string. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/integrity_audit.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c
index 809ec8428ee7..4b996ba48fc2 100644
--- a/security/integrity/integrity_audit.c
+++ b/security/integrity/integrity_audit.c
@@ -33,6 +33,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
33 const char *cause, int result, int audit_info) 33 const char *cause, int result, int audit_info)
34{ 34{
35 struct audit_buffer *ab; 35 struct audit_buffer *ab;
36 char name[TASK_COMM_LEN];
36 37
37 if (!integrity_audit_info && audit_info == 1) /* Skip info messages */ 38 if (!integrity_audit_info && audit_info == 1) /* Skip info messages */
38 return; 39 return;
@@ -49,7 +50,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
49 audit_log_format(ab, " cause="); 50 audit_log_format(ab, " cause=");
50 audit_log_string(ab, cause); 51 audit_log_string(ab, cause);
51 audit_log_format(ab, " comm="); 52 audit_log_format(ab, " comm=");
52 audit_log_untrustedstring(ab, current->comm); 53 audit_log_untrustedstring(ab, get_task_comm(name, current));
53 if (fname) { 54 if (fname) {
54 audit_log_format(ab, " name="); 55 audit_log_format(ab, " name=");
55 audit_log_untrustedstring(ab, fname); 56 audit_log_untrustedstring(ab, fname);