Re: [RFC PATCH 3/5] audit: enable filename recording via getname_kernel()
From: Richard Guy Briggs
Date: Wed Jan 14 2015 - 16:09:59 EST
On 15/01/08, Paul Moore wrote:
> Enable recording of filenames in getname_kernel() and remove the
> kludgy workaround in __audit_inode() now that we have proper filename
> logging for kernel users.
>
> Signed-off-by: Paul Moore <pmoore@xxxxxxxxxx>
Reviewed-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> ---
> fs/namei.c | 1 +
> kernel/auditsc.c | 40 +++-------------------------------------
> 2 files changed, 4 insertions(+), 37 deletions(-)
>
> diff --git a/fs/namei.c b/fs/namei.c
> index c3d21b7..1c0d4c7 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -242,6 +242,7 @@ getname_kernel(const char * filename)
> strlcpy((char *)result->name, filename, len);
> result->uptr = NULL;
> result->aname = NULL;
> + audit_getname(result);
>
> return result;
> }
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 793e9e9..c967ffc 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1882,44 +1882,10 @@ out_alloc:
> n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
> if (!n)
> return;
> - /* unfortunately, while we may have a path name to record with the
> - * inode, we can't always rely on the string lasting until the end of
> - * the syscall so we need to create our own copy, it may fail due to
> - * memory allocation issues, but we do our best */
> - if (name) {
> - /* we can't use getname_kernel() due to size limits */
> - size_t len = strlen(name->name) + 1;
> - struct filename *new = __getname();
> -
> - if (unlikely(!new))
> - goto out;
> + if (name)
> + /* no need to set ->name_put as the original will cleanup */
> + n->name = name;
>
> - if (len <= (PATH_MAX - sizeof(*new))) {
> - new->name = (char *)(new) + sizeof(*new);
> - new->separate = false;
> - } else if (len <= PATH_MAX) {
> - /* this looks odd, but is due to final_putname() */
> - struct filename *new2;
> -
> - new2 = kmalloc(sizeof(*new2), GFP_KERNEL);
> - if (unlikely(!new2)) {
> - __putname(new);
> - goto out;
> - }
> - new2->name = (char *)new;
> - new2->separate = true;
> - new = new2;
> - } else {
> - /* we should never get here, but let's be safe */
> - __putname(new);
> - goto out;
> - }
> - strlcpy((char *)new->name, name->name, len);
> - new->uptr = NULL;
> - new->aname = n;
> - n->name = new;
> - n->name_put = true;
> - }
> out:
> if (parent) {
> n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL;
>
> --
> Linux-audit mailing list
> Linux-audit@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/linux-audit
- RGB
--
Richard Guy Briggs <rbriggs@xxxxxxxxxx>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/