Attachment 583319 Details for Bug 816567 – Work-in progress patch

[patch] Work-in progress patch

audit-no-netlink-credentials.patch (text/plain), 7.08 KB, created by Miloslav Trmač on 2012-05-09 14:55:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Miloslav Trmač

Created: 2012-05-09 14:55:55 UTC

Size: 7.08 KB

patch

obsolete

>From: Miloslav TrmaÄ <mitr@redhat.com>
>
>Commit 16e5726269611b71c930054ffe9b858c1cea88eb changed
>AF_UNIX to not send credentials by default, also affecting AF_NETLINK:
>NETLINK_CREDS().uid and pid are zero unless the calling application explictily
>sends credentials.
>
>This boroke existing user-space applications (all invocations of auditctl
>are logged as pid=0, uid=0; AUDIT_TTY_[GS]ET can not find the invoking process
>because it is looing for PID 0).
>
>Actually, using NETLINK_CREDS is not necessary because the netlink requests
>are always handled within the sending process, so we can just use "current" and
>simplify the code.
>
>Commit fd778461524849afd035679030ae8e8873c72b81 started moving in this
>direction, this patch finishes the move.
>
>Signed-Off-By: Miloslav TrmaÄ <mitr@redhat.com>
>
>---
>
>I think I got the locking and the decision to use euid and not ruid (like
>SCM_CREDENTIALS do) right, but careful review would be appreciated.
>
>I'm really unsure about handling of PID/UID namespaces - AFAICS the old code
>used to use PIDs and UIDs in the calling process namespace, but they went
>into the system-wide audit log, so it seems to me that they should use a
>system-wide namespace instead.  I'm not at all certain sure that I'm using the
>PID/UID namespace API correctly, either.
>
>diff -ur linux-3.3.4-4.fc16.x86_64/include/linux/audit.h kernel-3.3.fc16/linux-3.3.4-4.fc16.x86_64/include/linux/audit.h
>--- linux-3.3.4-4.fc16.x86_64/include/linux/audit.h	2012-03-19 00:15:34.000000000 +0100
>+++ linux-3.3.4-4.fc16.x86_64/include/linux/audit.h	2012-05-07 18:14:17.624566743 +0200
>@@ -697,9 +697,9 @@
> extern int		    audit_update_lsm_rules(void);
> 
> 				/* Private API (for audit.c only) */
>-extern int audit_filter_user(struct netlink_skb_parms *cb);
>+extern int audit_filter_user(void);
> extern int audit_filter_type(int type);
>-extern int  audit_receive_filter(int type, int pid, int uid, int seq,
>+extern int  audit_receive_filter(int type, int pid, int seq,
> 				void *data, size_t datasz, uid_t loginuid,
> 				u32 sessionid, u32 sid);
> extern int audit_enabled;
>diff -ur linux-3.3.4-4.fc16.x86_64/kernel/audit.c kernel-3.3.fc16/linux-3.3.4-4.fc16.x86_64/kernel/audit.c
>--- linux-3.3.4-4.fc16.x86_64/kernel/audit.c	2012-03-19 00:15:34.000000000 +0100
>+++ linux-3.3.4-4.fc16.x86_64/kernel/audit.c	2012-05-07 18:53:23.435738768 +0200
>@@ -467,24 +467,6 @@
> 	return 0;
> }
> 
>-static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
>-{
>-	struct task_struct *tsk;
>-	int err;
>-
>-	rcu_read_lock();
>-	tsk = find_task_by_vpid(pid);
>-	if (!tsk) {
>-		rcu_read_unlock();
>-		return -ESRCH;
>-	}
>-	get_task_struct(tsk);
>-	rcu_read_unlock();
>-	err = tty_audit_push_task(tsk, loginuid, sessionid);
>-	put_task_struct(tsk);
>-	return err;
>-}
>-
> int audit_send_list(void *_dest)
> {
> 	struct audit_netlink_list *dest = _dest;
>@@ -674,8 +656,8 @@
> 		return err;
> 	}
> 
>-	pid  = NETLINK_CREDS(skb)->pid;
>-	uid  = NETLINK_CREDS(skb)->uid;
>+	pid  = task_tgid_nr(current);
>+	uid  = current_euid();
> 	loginuid = audit_get_loginuid(current);
> 	sessionid = audit_get_sessionid(current);
> 	security_task_getsecid(current, &sid);
>@@ -737,12 +719,12 @@
> 		if (!audit_enabled && msg_type != AUDIT_USER_AVC)
> 			return 0;
> 
>-		err = audit_filter_user(&NETLINK_CB(skb));
>+		err = audit_filter_user();
> 		if (err == 1) {
> 			err = 0;
> 			if (msg_type == AUDIT_USER_TTY) {
>-				err = audit_prepare_user_tty(pid, loginuid,
>-							     sessionid);
>+				err = tty_audit_push_task(current, loginuid,
>+							  sessionid);
> 				if (err)
> 					break;
> 			}
>@@ -782,7 +764,7 @@
> 		/* fallthrough */
> 	case AUDIT_LIST:
> 		err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
>-					   uid, seq, data, nlmsg_len(nlh),
>+					   seq, data, nlmsg_len(nlh),
> 					   loginuid, sessionid, sid);
> 		break;
> 	case AUDIT_ADD_RULE:
>@@ -801,7 +783,7 @@
> 		/* fallthrough */
> 	case AUDIT_LIST_RULES:
> 		err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
>-					   uid, seq, data, nlmsg_len(nlh),
>+					   seq, data, nlmsg_len(nlh),
> 					   loginuid, sessionid, sid);
> 		break;
> 	case AUDIT_TRIM:
>@@ -880,14 +862,12 @@
> 		struct task_struct *tsk;
> 		unsigned long flags;
> 
>-		rcu_read_lock();
>-		tsk = find_task_by_vpid(pid);
>-		if (tsk && lock_task_sighand(tsk, &flags)) {
>+		tsk = current;
>+		if (lock_task_sighand(tsk, &flags)) {
> 			s.enabled = tsk->signal->audit_tty != 0;
> 			unlock_task_sighand(tsk, &flags);
> 		} else
> 			err = -ESRCH;
>-		rcu_read_unlock();
> 
> 		if (!err)
> 			audit_send_reply(NETLINK_CB(skb).pid, seq,
>@@ -904,14 +884,12 @@
> 		s = data;
> 		if (s->enabled != 0 && s->enabled != 1)
> 			return -EINVAL;
>-		rcu_read_lock();
>-		tsk = find_task_by_vpid(pid);
>-		if (tsk && lock_task_sighand(tsk, &flags)) {
>+		tsk = current;
>+		if (lock_task_sighand(tsk, &flags)) {
> 			tsk->signal->audit_tty = s->enabled != 0;
> 			unlock_task_sighand(tsk, &flags);
> 		} else
> 			err = -ESRCH;
>-		rcu_read_unlock();
> 		break;
> 	}
> 	default:
>diff -ur linux-3.3.4-4.fc16.x86_64/kernel/auditfilter.c kernel-3.3.fc16/linux-3.3.4-4.fc16.x86_64/kernel/auditfilter.c
>--- linux-3.3.4-4.fc16.x86_64/kernel/auditfilter.c	2012-03-19 00:15:34.000000000 +0100
>+++ linux-3.3.4-4.fc16.x86_64/kernel/auditfilter.c	2012-05-07 18:21:04.475902826 +0200
>@@ -1090,7 +1090,6 @@
>  * audit_receive_filter - apply all rules to the specified message type
>  * @type: audit message type
>  * @pid: target pid for netlink audit messages
>- * @uid: target uid for netlink audit messages
>  * @seq: netlink audit message sequence (serial) number
>  * @data: payload data
>  * @datasz: size of payload data
>@@ -1098,7 +1097,7 @@
>  * @sessionid: sessionid for netlink audit message
>  * @sid: SE Linux Security ID of sender
>  */
>-int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
>+int audit_receive_filter(int type, int pid, int seq, void *data,
> 			 size_t datasz, uid_t loginuid, u32 sessionid, u32 sid)
> {
> 	struct task_struct *tsk;
>@@ -1236,8 +1235,7 @@
> 	return strncmp(p, dname, dlen);
> }
> 
>-static int audit_filter_user_rules(struct netlink_skb_parms *cb,
>-				   struct audit_krule *rule,
>+static int audit_filter_user_rules(struct audit_krule *rule,
> 				   enum audit_state *state)
> {
> 	int i;
>@@ -1249,13 +1247,13 @@
> 
> 		switch (f->type) {
> 		case AUDIT_PID:
>-			result = audit_comparator(cb->creds.pid, f->op, f->val);
>+			result = audit_comparator(task_tgid_nr(current), f->op, f->val);
> 			break;
> 		case AUDIT_UID:
>-			result = audit_comparator(cb->creds.uid, f->op, f->val);
>+			result = audit_comparator(current_euid(), f->op, f->val);
> 			break;
> 		case AUDIT_GID:
>-			result = audit_comparator(cb->creds.gid, f->op, f->val);
>+			result = audit_comparator(current_egid(), f->op, f->val);
> 			break;
> 		case AUDIT_LOGINUID:
> 			result = audit_comparator(audit_get_loginuid(current),
>@@ -1287,7 +1285,7 @@
> 	return 1;
> }
> 
>-int audit_filter_user(struct netlink_skb_parms *cb)
>+int audit_filter_user(void)
> {
> 	enum audit_state state = AUDIT_DISABLED;
> 	struct audit_entry *e;
>@@ -1295,7 +1293,7 @@
> 
> 	rcu_read_lock();
> 	list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
>-		if (audit_filter_user_rules(cb, &e->rule, &state)) {
>+		if (audit_filter_user_rules(&e->rule, &state)) {
> 			if (state == AUDIT_DISABLED)
> 				ret = 0;
> 			break;

Actions: View | Diff

Attachments on bug 816567: 583319