linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-28 07:13:34 +00:00

History

Paul Moore 4a92843601 audit: correctly record file names with different path name types There is a problem with the audit system when multiple audit records are created for the same path, each with a different path name type. The root cause of the problem is in __audit_inode() when an exact match (both the path name and path name type) is not found for a path name record; the existing code creates a new path name record, but it never sets the path name in this record, leaving it NULL. This patch corrects this problem by assigning the path name to these newly created records. There are many ways to reproduce this problem, but one of the easiest is the following (assuming auditd is running): # mkdir /root/tmp/test # touch /root/tmp/test/567 # auditctl -a always,exit -F dir=/root/tmp/test # touch /root/tmp/test/567 Afterwards, or while the commands above are running, check the audit log and pay special attention to the PATH records. A faulty kernel will display something like the following for the file creation: type=SYSCALL msg=audit(1416957442.025:93): arch=c000003e syscall=2 success=yes exit=3 ... comm="touch" exe="/usr/bin/touch" type=CWD msg=audit(1416957442.025:93): cwd="/root/tmp" type=PATH msg=audit(1416957442.025:93): item=0 name="test/" inode=401409 ... nametype=PARENT type=PATH msg=audit(1416957442.025:93): item=1 name=(null) inode=393804 ... nametype=NORMAL type=PATH msg=audit(1416957442.025:93): item=2 name=(null) inode=393804 ... nametype=NORMAL While a patched kernel will show the following: type=SYSCALL msg=audit(1416955786.566:89): arch=c000003e syscall=2 success=yes exit=3 ... comm="touch" exe="/usr/bin/touch" type=CWD msg=audit(1416955786.566:89): cwd="/root/tmp" type=PATH msg=audit(1416955786.566:89): item=0 name="test/" inode=401409 ... nametype=PARENT type=PATH msg=audit(1416955786.566:89): item=1 name="test/567" inode=393804 ... nametype=NORMAL This issue was brought up by a number of people, but special credit should go to hujianyang@huawei.com for reporting the problem along with an explanation of the problem and a patch. While the original patch did have some problems (see the archive link below), it did demonstrate the problem and helped kickstart the fix presented here. * https://lkml.org/lkml/2014/9/5/66 Reported-by: hujianyang <hujianyang@huawei.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Richard Guy Briggs <rgb@redhat.com>		2014-12-22 12:27:39 -05:00
..
debug	kernel/printk: use symbolic defines for console loglevels	2014-06-04 16:54:17 -07:00
events	Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2014-07-27 09:57:16 -07:00
gcov	gcov: add support for GCC 4.9	2014-06-10 15:34:46 -07:00
irq	genirq: Fix memory leak when calling irq_free_hwirqs()	2014-07-05 21:42:08 +02:00
locking	locking/rwsem: Add CONFIG_RWSEM_SPIN_ON_OWNER	2014-07-16 14:57:13 +02:00
power	PM / sleep: fix freeze_ops NULL pointer dereferences	2014-07-15 14:27:30 +02:00
printk	kernel/printk/printk.c: revert "printk: enable interrupts before calling console_trylock_for_printk()"	2014-07-03 09:21:54 -07:00
rcu	Josh has moved	2014-07-30 17:16:13 -07:00
sched	Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2014-07-19 06:26:43 -10:00
time	timer: Fix lock inversion between hrtimer_bases.lock and scheduler locks	2014-08-01 12:54:41 +02:00
trace	tracing: Fix wraparound problems in "uptime" trace clock	2014-07-21 09:56:12 -04:00
.gitignore
acct.c	ipc, kernel: clear whitespace	2014-06-06 16:08:14 -07:00
async.c
audit.c	audit: use supplied gfp_mask from audit_buffer in kauditd_send_multicast_skb	2014-12-19 18:37:56 -05:00
audit.h	audit: reduce scope of audit_log_fcaps	2014-09-23 16:37:51 -04:00
audit_tree.c	audit: keep inode pinned	2014-11-11 14:20:22 -05:00
audit_watch.c	audit: invalid op= values for rules	2014-09-23 16:37:53 -04:00
auditfilter.c	audit: don't attempt to lookup PIDs when changing PID filtering audit rules	2014-12-19 18:35:53 -05:00
auditsc.c	audit: correctly record file names with different path name types	2014-12-22 12:27:39 -05:00
backtracetest.c	kernel/backtracetest.c: replace no level printk by pr_info()	2014-06-04 16:54:14 -07:00
bounds.c
capability.c	fs,userns: Change inode_capable to capable_wrt_inode_uidgid	2014-06-10 13:57:22 -07:00
cgroup.c	cgroup: fix a race between cgroup_mount() and cgroup_kill_sb()	2014-06-30 10:16:26 -04:00
cgroup_freezer.c	cgroup: remove css_parent()	2014-05-16 13:22:48 -04:00
compat.c	kernel/compat.c: use sizeof() instead of sizeof	2014-06-04 16:54:19 -07:00
configs.c
context_tracking.c	x86/kprobes: Fix build errors and blacklist context_track_user	2014-06-14 09:07:44 +02:00
cpu.c	More ACPI and power management updates for 3.16-rc1	2014-06-12 13:14:19 -07:00
cpu_pm.c
cpuset.c	cpuset: break kernfs active protection in cpuset_write_resmask()	2014-07-01 16:42:28 -04:00
crash_dump.c
cred.c
delayacct.c
dma.c
elfcore.c
exec_domain.c	kernel/exec_domain.c: code clean-up	2014-06-04 16:54:15 -07:00
exit.c	signals: mv {dis,}allow_signal() from sched.h/exit.c to signal.[ch]	2014-06-06 16:08:11 -07:00
extable.c	asmlinkage: Make main_extable_sort_needed visible	2014-02-13 18:13:22 -08:00
fork.c	tracing: Fix syscall_*regfunc() vs copy_process() race	2014-06-21 00:15:12 -04:00
freezer.c
futex.c	Merge branch 'next' (accumulated 3.16 merge window patches) into master	2014-06-08 11:31:16 -07:00
futex_compat.c	compat: Get rid of (get\|put)_compat_time(val\|spec)	2014-02-02 14:09:12 -08:00
groups.c	kernel/groups.c: remove return value of set_groups	2014-04-03 16:21:05 -07:00
hrtimer.c	Merge branch 'perf/urgent' into perf/core, to resolve conflict and to prepare for new patches	2014-06-06 07:55:06 +02:00
hung_task.c	kernel/hung_task.c: convert simple_strtoul to kstrtouint	2014-06-04 16:54:15 -07:00
irq_work.c	perf/x86: Warn to early_printk() in case irq_work is too slow	2014-02-21 21:49:07 +01:00
itimer.c
jump_label.c
kallsyms.c	kernel: use macros from compiler.h instead of __attribute__((...))	2014-04-07 16:36:11 -07:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks	locking/rwsem: Add CONFIG_RWSEM_SPIN_ON_OWNER	2014-07-16 14:57:13 +02:00
Kconfig.preempt
kexec.c	kexec: fix build error when hugetlbfs is disabled	2014-07-30 20:09:37 -07:00
kmod.c	signals: change wait_for_helper() to use kernel_sigaction()	2014-06-06 16:08:12 -07:00
kprobes.c	kprobes: Fix "Failed to find blacklist" probing errors on ia64 and ppc64	2014-07-18 06:23:40 +02:00
ksysfs.c	kobject: Make support for uevent_helper optional.	2014-04-25 12:00:49 -07:00
kthread.c	kthread: fix return value of kthread_create() upon SIGKILL.	2014-06-04 16:53:51 -07:00
latencytop.c	kernel/latencytop.c: convert seq_printf to seq_puts	2014-06-04 16:54:15 -07:00
Makefile	Merge branch 'x86-asmlinkage-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2014-03-31 14:13:25 -07:00
module-internal.h
module.c	Most of this is cleaning up various driver sysfs permissions so we can	2014-06-11 16:09:14 -07:00
module_signing.c
notifier.c	kprobes, notifier: Use NOKPROBE_SYMBOL macro in notifier	2014-04-24 10:26:39 +02:00
nsproxy.c
padata.c
panic.c	kernel/panic.c: add "crash_kexec_post_notifiers" option for kdump after panic_notifers	2014-06-06 16:08:12 -07:00
params.c	param: hand arguments after -- straight to init	2014-04-28 11:48:34 +09:30
pid.c
pid_namespace.c	pid_namespace: pidns_get() should check task_active_pid_ns() != NULL	2014-04-02 16:20:21 -07:00
posix-cpu-timers.c
posix-timers.c
profile.c	kernel/profile.c: use static const char instead of static char	2014-06-06 16:08:13 -07:00
ptrace.c	kernel/compat: convert to COMPAT_SYSCALL_DEFINE	2014-03-06 15:35:10 +01:00
range.c
reboot.c	kernel/reboot.c: convert simple_strtoul to kstrtoint	2014-06-04 16:54:15 -07:00
relay.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2014-04-12 14:49:50 -07:00
res_counter.c	kernel/res_counter.c: replace simple_strtoull by kstrtoull	2014-06-04 16:54:15 -07:00
resource.c	resources: Clarify sanity check message	2014-05-23 10:47:21 -06:00
seccomp.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	2014-06-12 14:27:40 -07:00
signal.c	signals: introduce kernel_sigaction()	2014-06-06 16:08:12 -07:00
smp.c	CPU hotplug, smp: flush any pending IPI callbacks before CPU offline	2014-06-23 16:47:43 -07:00
smpboot.c
smpboot.h
softirq.c	Merge branch 'rcu/next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu	2014-05-22 11:36:10 +02:00
stacktrace.c
stop_machine.c	kernel/stop_machine.c: kernel-doc warning fix	2014-06-04 16:54:15 -07:00
sys.c	sched: Consolidate open coded implementations of nice level frobbing into nice_to_rlimit() and rlimit_to_nice()	2014-05-22 11:16:36 +02:00
sys_ni.c	sys_sgetmask/sys_ssetmask: add CONFIG_SGETMASK_SYSCALL	2014-06-04 16:54:14 -07:00
sysctl.c	kernel/watchdog.c: print traces for all cpus on lockup detection	2014-06-23 16:47:44 -07:00
sysctl_binary.c
system_certificates.S
system_keyring.c
task_work.c
taskstats.c
test_kprobes.c
time.c
timeconst.bc
timer.c	timer: Prevent overflow in apply_slack	2014-04-30 13:46:17 +02:00
torture.c	torture: Remove __init from torture_init_begin/end	2014-05-14 09:46:30 -07:00
tracepoint.c	tracing: syscall_regfunc() should not skip kernel threads	2014-06-21 00:15:26 -04:00
tsacct.c
uid16.c
up.c	smp: Rename __smp_call_function_single() to smp_call_function_single_async()	2014-02-24 14:47:15 -08:00
user-return-notifier.c
user.c	kernel/user.c: drop unused field 'files' from user_struct	2014-06-04 16:54:16 -07:00
user_namespace.c	kernel/user_namespace.c: kernel-doc/checkpatch fixes	2014-06-06 16:08:13 -07:00
utsname.c
utsname_sysctl.c	sysctl: convert use of typedef ctl_table to struct ctl_table	2014-06-06 16:08:16 -07:00
watchdog.c	kernel/watchdog.c: print traces for all cpus on lockup detection	2014-06-23 16:47:44 -07:00
workqueue.c	workqueue: zero cpumask of wq_numa_possible_cpumask on init	2014-07-07 09:56:48 -04:00
workqueue_internal.h	workqueue: rename manager_mutex to attach_mutex	2014-05-20 10:59:32 -04:00