Audit: clean up all op= output to include string quoting
A number of places in the audit system we send an op= followed by a string that includes spaces. Somehow this works but it's just wrong. This patch moves all of those that I could find to be quoted. Example: Change From: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1 subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op=remove rule key="number2" list=4 res=0 Change To: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1 subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op="remove rule" key="number2" list=4 res=0 Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Eric Paris
Al Viro
parent
35fe4d0b1b
commit
9d96098510
|
|
@ -599,6 +599,8 @@ extern void audit_log_untrustedstring(struct audit_buffer *ab,
|
|||
extern void audit_log_d_path(struct audit_buffer *ab,
|
||||
const char *prefix,
|
||||
struct path *path);
|
||||
extern void audit_log_key(struct audit_buffer *ab,
|
||||
char *key);
|
||||
extern void audit_log_lost(const char *message);
|
||||
extern int audit_update_lsm_rules(void);
|
||||
|
||||
|
|
@ -621,6 +623,7 @@ extern int audit_enabled;
|
|||
#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
|
||||
#define audit_log_untrustedstring(a,s) do { ; } while (0)
|
||||
#define audit_log_d_path(b, p, d) do { ; } while (0)
|
||||
#define audit_log_key(b, k) do { ; } while (0)
|
||||
#define audit_enabled 0
|
||||
#endif
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -1450,6 +1450,15 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
|
|||
kfree(pathname);
|
||||
}
|
||||
|
||||
void audit_log_key(struct audit_buffer *ab, char *key)
|
||||
{
|
||||
audit_log_format(ab, " key=");
|
||||
if (key)
|
||||
audit_log_untrustedstring(ab, key);
|
||||
else
|
||||
audit_log_format(ab, "(null)");
|
||||
}
|
||||
|
||||
/**
|
||||
* audit_log_end - end one audit record
|
||||
* @ab: the audit_buffer
|
||||
|
|
|
|||
|
|
@ -441,13 +441,11 @@ static void kill_rules(struct audit_tree *tree)
|
|||
if (rule->tree) {
|
||||
/* not a half-baked one */
|
||||
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
|
||||
audit_log_format(ab, "op=remove rule dir=");
|
||||
audit_log_format(ab, "op=");
|
||||
audit_log_string(ab, "remove rule");
|
||||
audit_log_format(ab, " dir=");
|
||||
audit_log_untrustedstring(ab, rule->tree->pathname);
|
||||
if (rule->filterkey) {
|
||||
audit_log_format(ab, " key=");
|
||||
audit_log_untrustedstring(ab, rule->filterkey);
|
||||
} else
|
||||
audit_log_format(ab, " key=(null)");
|
||||
audit_log_key(ab, rule->filterkey);
|
||||
audit_log_format(ab, " list=%d res=1", rule->listnr);
|
||||
audit_log_end(ab);
|
||||
rule->tree = NULL;
|
||||
|
|
|
|||
|
|
@ -234,11 +234,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
|
|||
audit_log_string(ab, op);
|
||||
audit_log_format(ab, " path=");
|
||||
audit_log_untrustedstring(ab, w->path);
|
||||
if (r->filterkey) {
|
||||
audit_log_format(ab, " key=");
|
||||
audit_log_untrustedstring(ab, r->filterkey);
|
||||
} else
|
||||
audit_log_format(ab, " key=(null)");
|
||||
audit_log_key(ab, r->filterkey);
|
||||
audit_log_format(ab, " list=%d res=1", r->listnr);
|
||||
audit_log_end(ab);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1079,11 +1079,9 @@ static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
|
|||
security_release_secctx(ctx, len);
|
||||
}
|
||||
}
|
||||
audit_log_format(ab, " op=%s rule key=", action);
|
||||
if (rule->filterkey)
|
||||
audit_log_untrustedstring(ab, rule->filterkey);
|
||||
else
|
||||
audit_log_format(ab, "(null)");
|
||||
audit_log_format(ab, " op=");
|
||||
audit_log_string(ab, action);
|
||||
audit_log_key(ab, rule->filterkey);
|
||||
audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
|
||||
audit_log_end(ab);
|
||||
}
|
||||
|
|
@ -1147,7 +1145,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
|
|||
return PTR_ERR(entry);
|
||||
|
||||
err = audit_add_rule(entry);
|
||||
audit_log_rule_change(loginuid, sessionid, sid, "add",
|
||||
audit_log_rule_change(loginuid, sessionid, sid, "add rule",
|
||||
&entry->rule, !err);
|
||||
|
||||
if (err)
|
||||
|
|
@ -1163,7 +1161,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
|
|||
return PTR_ERR(entry);
|
||||
|
||||
err = audit_del_rule(entry);
|
||||
audit_log_rule_change(loginuid, sessionid, sid, "remove",
|
||||
audit_log_rule_change(loginuid, sessionid, sid, "remove rule",
|
||||
&entry->rule, !err);
|
||||
|
||||
audit_free_rule(entry);
|
||||
|
|
|
|||
|
|
@ -1137,7 +1137,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
|
|||
if (has_cntl)
|
||||
audit_log_n_hex(*ab, buf, to_send);
|
||||
else
|
||||
audit_log_format(*ab, "\"%s\"", buf);
|
||||
audit_log_string(*ab, buf);
|
||||
|
||||
p += to_send;
|
||||
len_left -= to_send;
|
||||
|
|
@ -1372,11 +1372,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
|
|||
|
||||
|
||||
audit_log_task_info(ab, tsk);
|
||||
if (context->filterkey) {
|
||||
audit_log_format(ab, " key=");
|
||||
audit_log_untrustedstring(ab, context->filterkey);
|
||||
} else
|
||||
audit_log_format(ab, " key=(null)");
|
||||
audit_log_key(ab, context->filterkey);
|
||||
audit_log_end(ab);
|
||||
|
||||
for (aux = context->aux; aux; aux = aux->next) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue