audit: print empty EXECVE args - linux

diff options

author	Richard Guy Briggs <rgb@redhat.com>	2018-10-10 22:22:57 +0200
committer	Paul Moore <paul@paul-moore.com>	2018-11-05 22:41:49 +0100
commit	ea956d8be91edc702a98b7fe1f9463e7ca8c42ab (patch)
tree	3d5c7285a6f09c1338e22aab211afb91ddc0eba2 /kernel/audit_tree.c
parent	Linux 4.20-rc1 (diff)
download	linux-ea956d8be91edc702a98b7fe1f9463e7ca8c42ab.tar.xz linux-ea956d8be91edc702a98b7fe1f9463e7ca8c42ab.zip

audit: print empty EXECVE args

Empty executable arguments were being skipped when printing out the list of arguments in an EXECVE record, making it appear they were somehow lost. Include empty arguments as an itemized empty string. Reproducer: autrace /bin/ls "" "/etc" ausearch --start recent -m execve -i | grep EXECVE type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc With fix: type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc" Passes audit-testsuite. GH issue tracker at https://github.com/linux-audit/audit-kernel/issues/99 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: cleaned up the commit metadata] Signed-off-by: Paul Moore <paul@paul-moore.com>

Diffstat (limited to 'kernel/audit_tree.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: