02 Aug, 2007

1 commit

• e6e0871cc   Net/Security: fix memory leaks from security_secid_to_secctx() ... Browse Code »

  The security_secid_to_secctx() function returns memory that must be freed
  by a call to security_release_secctx() which was not always happening. This
  patch fixes two of these problems (all that I could find in the kernel source
  at present).

  Signed-off-by: Paul Moore
  Acked-by: Stephen Smalley
  Signed-off-by: James Morris

  Paul Moore

  2007-08-02 23:52:26 +0800  

17 Jul, 2007

1 commit

• 522ed7767   Audit: add TTY input auditing ... Browse Code »

  Add TTY input auditing, used to audit system administrator's actions. This is
  required by various security standards such as DCID 6/3 and PCI to provide
  non-repudiation of administrator's actions and to allow a review of past
  actions if the administrator seems to overstep their duties or if the system
  becomes misconfigured for unknown reasons. These requirements do not make it
  necessary to audit TTY output as well.

  Compared to an user-space keylogger, this approach records TTY input using the
  audit subsystem, correlated with other audit events, and it is completely
  transparent to the user-space application (e.g. the console ioctls still
  work).

  TTY input auditing works on a higher level than auditing all system calls
  within the session, which would produce an overwhelming amount of mostly
  useless audit events.

  Add an "audit_tty" attribute, inherited across fork (). Data read from TTYs
  by process with the attribute is sent to the audit subsystem by the kernel.
  The audit netlink interface is extended to allow modifying the audit_tty
  attribute, and to allow sending explanatory audit events from user-space (for
  example, a shell might send an event containing the final command, after the
  interactive command-line editing and history expansion is performed, which
  might be difficult to decipher from the TTY input alone).

  Because the "audit_tty" attribute is inherited across fork (), it would be set
  e.g. for sshd restarted within an audited session. To prevent this, the
  audit_tty attribute is cleared when a process with no open TTY file
  descriptors (e.g. after daemon startup) opens a TTY.

  See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a
  more detailed rationale document for an older version of this patch.

  [akpm@linux-foundation.org: build fix]
  Signed-off-by: Miloslav Trmac
  Cc: Al Viro
  Cc: Alan Cox
  Cc: Paul Fulghum
  Cc: Casey Schaufler
  Cc: Steve Grubb
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  Miloslav Trmac

  2007-07-17 00:05:47 +0800  

03 Dec, 2006

1 commit

• de64688ff   NetLabel: honor the audit_enabled flag ... Browse Code »

  The audit_enabled flag is used to signal when syscall auditing is to be
  performed. While NetLabel uses a Netlink interface instead of syscalls, it is
  reasonable to consider the NetLabel Netlink interface as a form of syscall so
  pay attention to the audit_enabled flag when generating audit messages in
  NetLabel.

  Signed-off-by: Paul Moore
  Signed-off-by: James Morris

  Paul Moore

  2006-12-03 13:24:15 +0800  

30 Sep, 2006

1 commit

• 95d4e6be2   [NetLabel]: audit fixups due to delayed feedback ... Browse Code »

  Fix some issues Steve Grubb had with the way NetLabel was using the audit
  subsystem. This should make NetLabel more consistent with other kernel
  generated audit messages specifying configuration changes.

  Signed-off-by: Paul Moore
  Acked-by: Steve Grubb
  Signed-off-by: David S. Miller

  Paul Moore

  2006-09-30 08:05:05 +0800  

29 Sep, 2006

1 commit

• 32f50cdee   [NetLabel]: add audit support for configuration changes ... Browse Code »

  This patch adds audit support to NetLabel, including six new audit message
  types shown below.

  #define AUDIT_MAC_UNLBL_ACCEPT 1406
  #define AUDIT_MAC_UNLBL_DENY 1407
  #define AUDIT_MAC_CIPSOV4_ADD 1408
  #define AUDIT_MAC_CIPSOV4_DEL 1409
  #define AUDIT_MAC_MAP_ADD 1410
  #define AUDIT_MAC_MAP_DEL 1411

  Signed-off-by: Paul Moore
  Acked-by: James Morris
  Signed-off-by: David S. Miller

  Paul Moore

  2006-09-29 09:03:09 +0800  

26 Sep, 2006

1 commit

• fcd482806   [NetLabel]: rework the Netlink attribute handling (part 1) ... Browse Code »

  At the suggestion of Thomas Graf, rewrite NetLabel's use of Netlink attributes
  to better follow the common Netlink attribute usage.

  Signed-off-by: Paul Moore
  Signed-off-by: David S. Miller

  Paul Moore

  2006-09-26 06:56:09 +0800  

23 Sep, 2006

2 commits

• d387f6ad1   [NETLINK]: Add notification message sending interface ... Browse Code »

  Adds nlmsg_notify() implementing proper notification logic. The
  message is multicasted to all listeners in the group. The
  applications the requests orignates from can request a unicast
  back report in which case said socket will be excluded from the
  multicast to avoid duplicated notifications.

  nlmsg_multicast() is extended to take allocation flags to
  allow notification in atomic contexts.

  Signed-off-by: Thomas Graf
  Signed-off-by: David S. Miller

  Thomas Graf

  2006-09-23 05:54:49 +0800  
• d15c345fe   [NetLabel]: core NetLabel subsystem ... Browse Code »

  Add a new kernel subsystem, NetLabel, to provide explicit packet
  labeling services (CIPSO, RIPSO, etc.) to LSM developers. NetLabel is
  designed to work in conjunction with a LSM to intercept and decode
  security labels on incoming network packets as well as ensure that
  outgoing network packets are labeled according to the security
  mechanism employed by the LSM. The NetLabel subsystem is configured
  through a Generic NETLINK interface described in the header files
  included in this patch.

  Signed-off-by: Paul Moore
  Signed-off-by: David S. Miller

  Paul Moore

  2006-09-23 05:53:34 +0800