summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-04-20 16:21:30 +0200
committerJames Morris <jmorris@namei.org>2010-04-21 01:58:17 +0200
commit2f1506cd82e0725ba00c7146a9a9b47824a5edcf (patch)
treeac92c983ab10842e82e229c00b697566c6f20028 /security/integrity
parentIMA: handle comments in policy (diff)
downloadlinux-2f1506cd82e0725ba00c7146a9a9b47824a5edcf.tar.xz
linux-2f1506cd82e0725ba00c7146a9a9b47824a5edcf.zip
IMA: use audit_log_untrusted_string rather than %s
Convert all of the places IMA calls audit_log_format with %s into audit_log_untrusted_string(). This is going to cause them all to get quoted, but it should make audit log injection harder. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima_policy.c33
1 files changed, 20 insertions, 13 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index babc5009756d..778a735621f1 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -255,6 +255,13 @@ static int ima_lsm_rule_init(struct ima_measure_rule_entry *entry,
return result;
}
+static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
+{
+ audit_log_format(ab, "%s=", key);
+ audit_log_untrustedstring(ab, value);
+ audit_log_format(ab, " ");
+}
+
static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
{
struct audit_buffer *ab;
@@ -277,7 +284,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
token = match_token(p, policy_tokens, args);
switch (token) {
case Opt_measure:
- audit_log_format(ab, "%s ", "measure");
+ ima_log_string(ab, "action", "measure");
if (entry->action != UNKNOWN)
result = -EINVAL;
@@ -285,7 +292,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
entry->action = MEASURE;
break;
case Opt_dont_measure:
- audit_log_format(ab, "%s ", "dont_measure");
+ ima_log_string(ab, "action", "dont_measure");
if (entry->action != UNKNOWN)
result = -EINVAL;
@@ -293,7 +300,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
entry->action = DONT_MEASURE;
break;
case Opt_func:
- audit_log_format(ab, "func=%s ", args[0].from);
+ ima_log_string(ab, "func", args[0].from);
if (entry->func)
result = -EINVAL;
@@ -313,7 +320,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
entry->flags |= IMA_FUNC;
break;
case Opt_mask:
- audit_log_format(ab, "mask=%s ", args[0].from);
+ ima_log_string(ab, "mask", args[0].from);
if (entry->mask)
result = -EINVAL;
@@ -332,7 +339,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
entry->flags |= IMA_MASK;
break;
case Opt_fsmagic:
- audit_log_format(ab, "fsmagic=%s ", args[0].from);
+ ima_log_string(ab, "fsmagic", args[0].from);
if (entry->fsmagic) {
result = -EINVAL;
@@ -345,7 +352,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
entry->flags |= IMA_FSMAGIC;
break;
case Opt_uid:
- audit_log_format(ab, "uid=%s ", args[0].from);
+ ima_log_string(ab, "uid", args[0].from);
if (entry->uid != -1) {
result = -EINVAL;
@@ -362,44 +369,44 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
}
break;
case Opt_obj_user:
- audit_log_format(ab, "obj_user=%s ", args[0].from);
+ ima_log_string(ab, "obj_user", args[0].from);
result = ima_lsm_rule_init(entry, args[0].from,
LSM_OBJ_USER,
AUDIT_OBJ_USER);
break;
case Opt_obj_role:
- audit_log_format(ab, "obj_role=%s ", args[0].from);
+ ima_log_string(ab, "obj_role", args[0].from);
result = ima_lsm_rule_init(entry, args[0].from,
LSM_OBJ_ROLE,
AUDIT_OBJ_ROLE);
break;
case Opt_obj_type:
- audit_log_format(ab, "obj_type=%s ", args[0].from);
+ ima_log_string(ab, "obj_type", args[0].from);
result = ima_lsm_rule_init(entry, args[0].from,
LSM_OBJ_TYPE,
AUDIT_OBJ_TYPE);
break;
case Opt_subj_user:
- audit_log_format(ab, "subj_user=%s ", args[0].from);
+ ima_log_string(ab, "subj_user", args[0].from);
result = ima_lsm_rule_init(entry, args[0].from,
LSM_SUBJ_USER,
AUDIT_SUBJ_USER);
break;
case Opt_subj_role:
- audit_log_format(ab, "subj_role=%s ", args[0].from);
+ ima_log_string(ab, "subj_role", args[0].from);
result = ima_lsm_rule_init(entry, args[0].from,
LSM_SUBJ_ROLE,
AUDIT_SUBJ_ROLE);
break;
case Opt_subj_type:
- audit_log_format(ab, "subj_type=%s ", args[0].from);
+ ima_log_string(ab, "subj_type", args[0].from);
result = ima_lsm_rule_init(entry, args[0].from,
LSM_SUBJ_TYPE,
AUDIT_SUBJ_TYPE);
break;
case Opt_err:
+ ima_log_string(ab, "UNKNOWN", p);
result = -EINVAL;
- audit_log_format(ab, "UNKNOWN=%s ", p);
break;
}
}