Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.16 2014-06-10T15:44:40Z 2014-06-10T15:44:40Z Andy Lutomirski luto@amacapital.net 2014-05-29T03:09:58Z urn:sha1:a3c54931199565930d6d84f4c3456f6440aefd41 Fixes an easy DoS and possible information disclosure. This does nothing about the broken state of x32 auditing. eparis: If the admin has enabled auditd and has specifically loaded audit rules. This bug has been around since before git. Wow... Cc: stable@vger.kernel.org Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2014-04-12T19:38:53Z Linus Torvalds torvalds@linux-foundation.org 2014-04-12T19:38:53Z urn:sha1:0b747172dce6e0905ab173afbaffebb7a11d89bd Pull audit updates from Eric Paris. * git://git.infradead.org/users/eparis/audit: (28 commits) AUDIT: make audit_is_compat depend on CONFIG_AUDIT_COMPAT_GENERIC audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range audit: do not cast audit_rule_data pointers pointlesly AUDIT: Allow login in non-init namespaces audit: define audit_is_compat in kernel internal header kernel: Use RCU_INIT_POINTER(x, NULL) in audit.c sched: declare pid_alive as inline audit: use uapi/linux/audit.h for AUDIT_ARCH declarations syscall_get_arch: remove useless function arguments audit: remove stray newline from audit_log_execve_info() audit_panic() call audit: remove stray newlines from audit_log_lost messages audit: include subject in login records audit: remove superfluous new- prefix in AUDIT_LOGIN messages audit: allow user processes to log from another PID namespace audit: anchor all pid references in the initial pid namespace audit: convert PPIDs to the inital PID namespace. pid: get pid_t ppid of task in init_pid_ns audit: rename the misleading audit_get_context() to audit_take_context() audit: Add generic compat syscall support audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL ... 2014-03-20T14:11:58Z Joe Perches joe@perches.com 2014-03-05T22:34:36Z urn:sha1:b7550787fe8b5beffb5f56fa11a87712d699d085 There's an unnecessary use of a \n in audit_panic. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> 2014-03-20T14:11:57Z Eric Paris eparis@redhat.com 2011-01-20T00:22:35Z urn:sha1:ddfad8affdb73cc8df5890fef16d98d63ff3a6f0 The login uid change record does not include the selinux context of the task logging in. Add that information. (Updated from 2011-01: RHBZ:670328 -- RGB) Reported-by: Steve Grubb <sgrubb@redhat.com> Acked-by: James Morris <jmorris@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Aristeu Rozanski <arozansk@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> 2014-03-20T14:11:57Z Richard Guy Briggs rgb@redhat.com 2014-02-24T17:31:11Z urn:sha1:aa589a13b5d00d3c643ee4114d8cbc3addb4e99f The new- prefix on ses and auid are un-necessary and break ausearch. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> 2014-03-20T14:11:55Z Richard Guy Briggs rgb@redhat.com 2013-12-11T18:52:26Z urn:sha1:f1dc4867ff41b7bcca57fa19449d1fe7ad517ac1 Store and log all PIDs with reference to the initial PID namespace and use the access functions task_pid_nr() and task_tgid_nr() for task->pid and task->tgid. Cc: "Eric W. Biederman" <ebiederm@xmission.com> (informed by ebiederman's c776b5d2) Signed-off-by: Richard Guy Briggs <rgb@redhat.com> 2014-03-20T14:11:55Z Richard Guy Briggs rgb@redhat.com 2013-12-11T03:10:41Z urn:sha1:c92cdeb45eea38515e82187f48c2e4f435fb4e25 sys_getppid() returns the parent pid of the current process in its own pid namespace. Since audit filters are based in the init pid namespace, a process could avoid a filter or trigger an unintended one by being in an alternate pid namespace or log meaningless information. Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the init_pid_ns. (informed by ebiederman's 6c621b7e) Cc: stable@vger.kernel.org Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> 2014-03-20T14:11:54Z Richard Guy Briggs rgb@redhat.com 2014-02-18T20:29:43Z urn:sha1:4a3eb726d1543c4b616b9a0a4d4c53ddd276f5f4 "get" usually implies incrementing a refcount into a structure to indicate a reference being held by another part of code. Change this function name to indicate it is in fact being taken from it, returning the value while clearing it in the supplying structure. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> 2014-03-20T14:10:52Z William Roberts bill.c.roberts@gmail.com 2014-02-11T18:12:01Z urn:sha1:3f1c82502c299da08b7b7f08b435212e51166ed9 During an audit event, cache and print the value of the process's proctitle value (proc/<pid>/cmdline). This is useful in situations where processes are started via fork'd virtual machines where the comm field is incorrect. Often times, setting the comm field still is insufficient as the comm width is not very wide and most virtual machine "package names" do not fit. Also, during execution, many threads have their comm field set as well. By tying it back to the global cmdline value for the process, audit records will be more complete in systems with these properties. An example of where this is useful and applicable is in the realm of Android. With Android, their is no fork/exec for VM instances. The bare, preloaded Dalvik VM listens for a fork and specialize request. When this request comes in, the VM forks, and the loads the specific application (specializing). This was done to take advantage of COW and to not require a load of basic packages by the VM on very app spawn. When this spawn occurs, the package name is set via setproctitle() and shows up in procfs. Many of these package names are longer then 16 bytes, the historical width of task->comm. Having the cmdline in the audit records will couple the application back to the record directly. Also, on my Debian development box, some audit records were more useful then what was printed under comm. The cached proctitle is tied to the life-cycle of the audit_context structure and is built on demand. Proctitle is controllable by userspace, and thus should not be trusted. It is meant as an aid to assist in debugging. The proctitle event is emitted during syscall audits, and can be filtered with auditctl. Example: type=AVC msg=audit(1391217013.924:386): avc: denied { getattr } for pid=1971 comm="mkdir" name="/" dev="selinuxfs" ino=1 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c255 tcontext=system_u:object_r:security_t:s0 tclass=filesystem type=SYSCALL msg=audit(1391217013.924:386): arch=c000003e syscall=137 success=yes exit=0 a0=7f019dfc8bd7 a1=7fffa6aed2c0 a2=fffffffffff4bd25 a3=7fffa6aed050 items=0 ppid=1967 pid=1971 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mkdir" exe="/bin/mkdir" subj=system_u:system_r:consolekit_t:s0-s0:c0.c255 key=(null) type=UNKNOWN[1327] msg=audit(1391217013.924:386): proctitle=6D6B646972002D70002F7661722F72756E2F636F6E736F6C65 Acked-by: Steve Grubb <sgrubb@redhat.com> (wrt record formating) Signed-off-by: William Roberts <wroberts@tresys.com> Signed-off-by: Eric Paris <eparis@redhat.com> 2014-03-07T16:48:15Z Richard Guy Briggs rgb@redhat.com 2014-01-27T22:38:42Z urn:sha1:f952d10ff40b436a8ef156a74ec327abe303823d Add pr_fmt to prefix "audit: " to output Convert printk(KERN_<LEVEL> to pr_<level> Coalesce formats Signed-off-by: Richard Guy Briggs <rgb@redhat.com>