diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2005-05-24 22:28:28 +0200 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-24 22:28:28 +0200 |
commit | 37ca5389b863e5ffba6fb7c22331bf57dbf7764a (patch) | |
tree | 4869477a27fbd8ad91b0ce42f0b2e4b6817e5105 /security | |
parent | AUDIT: Escape comm when logging task info (diff) | |
download | linux-37ca5389b863e5ffba6fb7c22331bf57dbf7764a.tar.xz linux-37ca5389b863e5ffba6fb7c22331bf57dbf7764a.zip |
AUDIT: Fix remaining cases of direct logging of untrusted strings by avc_audit
Per Steve Grubb's observation that there are some remaining cases where
avc_audit() directly logs untrusted strings without escaping them, here
is a patch that changes avc_audit() to use audit_log_untrustedstring()
or audit_log_hex() as appropriate. Note that d_name.name is nul-
terminated by d_alloc(), and that sun_path is nul-terminated by
unix_mkname(), so it is not necessary for the AVC to create nul-
terminated copies or to alter audit_log_untrustedstring to take a length
argument. In the case of an abstract name, we use audit_log_hex() with
an explicit length.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 914d0d294fff..451502467a9b 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -575,16 +575,16 @@ void avc_audit(u32 ssid, u32 tsid, struct dentry *dentry = a->u.fs.dentry; if (a->u.fs.mnt) audit_avc_path(dentry, a->u.fs.mnt); - audit_log_format(ab, " name=%s", - dentry->d_name.name); + audit_log_format(ab, " name="); + audit_log_untrustedstring(ab, dentry->d_name.name); inode = dentry->d_inode; } else if (a->u.fs.inode) { struct dentry *dentry; inode = a->u.fs.inode; dentry = d_find_alias(inode); if (dentry) { - audit_log_format(ab, " name=%s", - dentry->d_name.name); + audit_log_format(ab, " name="); + audit_log_untrustedstring(ab, dentry->d_name.name); dput(dentry); } } @@ -628,23 +628,19 @@ void avc_audit(u32 ssid, u32 tsid, u = unix_sk(sk); if (u->dentry) { audit_avc_path(u->dentry, u->mnt); - audit_log_format(ab, " name=%s", - u->dentry->d_name.name); - + audit_log_format(ab, " name="); + audit_log_untrustedstring(ab, u->dentry->d_name.name); break; } if (!u->addr) break; len = u->addr->len-sizeof(short); p = &u->addr->name->sun_path[0]; + audit_log_format(ab, " path="); if (*p) - audit_log_format(ab, - "path=%*.*s", len, - len, p); + audit_log_untrustedstring(ab, p); else - audit_log_format(ab, - "path=@%*.*s", len-1, - len-1, p+1); + audit_log_hex(ab, p, len); break; } } |