11 Jun, 2009

1 commit

  • Long long ago a 4K kmalloc allocated two pages so the tty layer used the
    page allocator, except on some machines where the page size was huge. This was
    removed from the core tty layer with the tty buffer re-implementation but not
    from tty_audit or the n_tty ldisc.

    Signed-off-by: Alan Cox
    Signed-off-by: Linus Torvalds

    Alan Cox
     

01 Apr, 2009

1 commit


09 Dec, 2008

1 commit

  • AUDIT_TTY records currently log all data read by processes marked for
    TTY input auditing, even if the data was "pushed back" using the TIOCSTI
    ioctl, not typed by the user.

    This patch records all TIOCSTI calls to disambiguate the input. It
    generates one audit message per character pushed back; considering
    TIOCSTI is used very rarely, this simple solution is probably good
    enough. (The only program I could find that uses TIOCSTI is mailx/nail
    in "header editing" mode, e.g. using the ~h escape. mailx is used very
    rarely, and the escapes are used even more rarely.)

    Signed-Off-By: Miloslav Trmac
    Signed-off-by: Al Viro
    Signed-off-by: James Morris

    Al Viro
     

14 Nov, 2008

1 commit

  • Wrap access to task credentials so that they can be separated more easily from
    the task_struct during the introduction of COW creds.

    Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

    Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
    sense to use RCU directly rather than a convenient wrapper; these will be
    addressed by later patches.

    Signed-off-by: David Howells
    Reviewed-by: James Morris
    Acked-by: Serge Hallyn
    Cc: Alan Cox
    Signed-off-by: James Morris

    David Howells
     

14 Oct, 2008

1 commit

  • Data read from a TTY can contain an embedded NUL byte (e.g. after
    pressing Ctrl-2, or sent to a PTY). After the previous patch, the data
    would be logged only up to the first NUL.

    This patch modifies the AUDIT_TTY record to always use the hexadecimal
    format, which does not terminate at the first NUL byte. The vast
    majority of recorded TTY input data will contain either ' ' or '\n', so
    the hexadecimal format would have been used anyway.

    Signed-off-by: Miloslav Trmac
    Signed-off-by: Alan Cox
    Signed-off-by: Linus Torvalds

    Miloslav Trmac
     

02 May, 2008

1 commit


28 Apr, 2008

3 commits

  • Remove the code that automatically disables TTY input auditing in processes
    that open TTYs when they have no other TTY open; this heuristic was
    intended to automatically handle daemons, but it has false positives (e.g.
    with sshd) that make it impossible to control TTY input auditing from a PAM
    module. With this patch, TTY input auditing is controlled from user-space
    only.

    On the other hand, not even for daemons does it make sense to audit "input"
    from PTY masters; this data was produced by a program writing to the PTY
    slave, and does not represent data entered by the user.

    Signed-off-by: Miloslav Trmac
    Cc: Al Viro
    Cc: David Woodhouse
    Signed-off-by: Andrew Morton
    Signed-off-by: Al Viro

    Miloslav Trmac
     
  • This patch standardizes the string auditing interfaces. No userspace
    changes will be visible and this is all just cleanup and consistency
    work. We have the following string audit interfaces to use:

    void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);

    void audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);
    void audit_log_string(struct audit_buffer *ab, const char *buf);

    void audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);
    void audit_log_untrustedstring(struct audit_buffer *ab, const char *string);

    This may be the first step to possibly fixing some of the issues that
    people have with the string output from the kernel audit system. But we
    still don't have an agreed upon solution to that problem.

    Signed-off-by: Eric Paris
    Signed-off-by: Al Viro

    Eric Paris
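The two commits above (always-hex AUDIT_TTY records, and the standardized string interfaces) rest on one encoding rule: an untrusted string is logged verbatim in double quotes only if every byte is printable ASCII other than space and `"`; otherwise it is emitted as uppercase hex with no NUL-terminator search. The following is an added user-space model of that rule and of a log consumer's decoder; it is not kernel code, and the exact control-character test is my reading of the kernel's `audit_string_contains_control()` (below 0x21, above 0x7e, or a double quote). The sample keystrokes are constructed.

```c
/*
 * Added example (user-space model, not kernel code): how the audit
 * subsystem picks between the quoted-string and hexadecimal encodings,
 * why a NUL typed as Ctrl-2 would have truncated the old string path,
 * and how a consumer decodes the always-hex data= field of AUDIT_TTY.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of audit_string_contains_control(): control chars and space
 * (< 0x21), non-ASCII (> 0x7e) or a double quote force the hex form. */
static int contains_control(const unsigned char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (s[i] == '"' || s[i] < 0x21 || s[i] > 0x7e)
            return 1;
    return 0;
}

/* Model of audit_log_n_hex(): two uppercase hex digits per byte, driven by
 * the explicit length, so embedded NULs survive. Caller frees. */
static char *log_n_hex(const unsigned char *buf, size_t len)
{
    char *out = malloc(2 * len + 1);
    if (!out)
        return NULL;
    for (size_t i = 0; i < len; i++)
        sprintf(out + 2 * i, "%02X", buf[i]);
    out[2 * len] = '\0';
    return out;
}

/* Model of audit_log_n_untrustedstring(): "quoted" when clean, hex otherwise. */
static char *log_n_untrustedstring(const unsigned char *buf, size_t len)
{
    if (contains_control(buf, len))
        return log_n_hex(buf, len);
    char *out = malloc(len + 3);
    if (!out)
        return NULL;
    out[0] = '"';
    memcpy(out + 1, buf, len);
    out[len + 1] = '"';
    out[len + 2] = '\0';
    return out;
}

/* What a C-string based path records: everything up to the first NUL. */
static size_t logged_as_cstring(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    while (n < len && buf[n] != '\0')
        n++;
    return n;
}

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode the hex data= field of an AUDIT_TTY record into raw bytes.
 * Returns the byte count, or -1 on malformed input. The count must be
 * returned explicitly: the decoded data may itself contain NULs. */
static long audit_tty_decode(const char *field, unsigned char *out, size_t outsz)
{
    size_t n = strlen(field);
    if (n % 2 || n / 2 > outsz)
        return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval(field[i]), lo = hexval(field[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(n / 2);
}

/* Constructed sample: the user typed "ls", Ctrl-2 (NUL), "-l", Enter. */
static const unsigned char SAMPLE[] = { 'l', 's', '\0', '-', 'l', '\n' };

/* Round trip: hex-encode SAMPLE, decode it, and confirm all 6 bytes match. */
static int self_check(void)
{
    unsigned char back[16];
    char *hex = log_n_hex(SAMPLE, sizeof SAMPLE);
    int ok = hex && audit_tty_decode(hex, back, sizeof back) == 6 &&
             memcmp(back, SAMPLE, 6) == 0;
    free(hex);
    return ok;
}

int main(void)
{
    char *hex = log_n_hex(SAMPLE, sizeof SAMPLE);
    printf("C-string path would record %zu of %zu bytes\n",
           logged_as_cstring(SAMPLE, sizeof SAMPLE), sizeof SAMPLE);
    printf("type=TTY ... data=%s\n", hex);
    free(hex);
    return 0;
}
```

A consumer parsing `ausearch`-style raw records should therefore treat `data=` as hex whenever the value is not double-quoted, and must carry the decoded length alongside the bytes rather than rely on `strlen()`.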
     
  • Previously I added sessionid output to all audit messages where it was
    available but we still didn't know the sessionid of the sender of
    netlink messages. This patch adds that information to netlink messages
    so we can audit who sent netlink messages.

    Signed-off-by: Eric Paris
    Signed-off-by: Al Viro

    Eric Paris
     

09 Feb, 2008

1 commit


02 Feb, 2008

2 commits


17 Jul, 2007

1 commit

  • Add TTY input auditing, used to audit system administrator's actions. This is
    required by various security standards such as DCID 6/3 and PCI to provide
    non-repudiation of administrator's actions and to allow a review of past
    actions if the administrator seems to overstep their duties or if the system
    becomes misconfigured for unknown reasons. These requirements do not make it
    necessary to audit TTY output as well.

    Compared to a user-space keylogger, this approach records TTY input using the
    audit subsystem, correlated with other audit events, and it is completely
    transparent to the user-space application (e.g. the console ioctls still
    work).

    TTY input auditing works on a higher level than auditing all system calls
    within the session, which would produce an overwhelming amount of mostly
    useless audit events.

    Add an "audit_tty" attribute, inherited across fork (). Data read from TTYs
    by process with the attribute is sent to the audit subsystem by the kernel.
    The audit netlink interface is extended to allow modifying the audit_tty
    attribute, and to allow sending explanatory audit events from user-space (for
    example, a shell might send an event containing the final command, after the
    interactive command-line editing and history expansion is performed, which
    might be difficult to decipher from the TTY input alone).

    Because the "audit_tty" attribute is inherited across fork (), it would be set
    e.g. for sshd restarted within an audited session. To prevent this, the
    audit_tty attribute is cleared when a process with no open TTY file
    descriptors (e.g. after daemon startup) opens a TTY.

    See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a
    more detailed rationale document for an older version of this patch.

    [akpm@linux-foundation.org: build fix]
    Signed-off-by: Miloslav Trmac
    Cc: Al Viro
    Cc: Alan Cox
    Cc: Paul Fulghum
    Cc: Casey Schaufler
    Cc: Steve Grubb
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Miloslav Trmac
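The commit above describes the two netlink extensions that user space uses to drive this feature: setting the per-process audit_tty attribute (AUDIT_TTY_SET, which fork() then propagates to the shell and its children) and sending an explanatory AUDIT_USER_TTY event such as the final command line. The later commit on this page that removed the "no other TTY open" heuristic makes this path the only control there is. Below is an added example of a minimal client, written here for illustration rather than taken from the kernel, pam_tty_audit or auditctl: it builds both requests, sends them over NETLINK_AUDIT, and reports the kernel's ack. Message types and `struct audit_tty_status` come from `<linux/audit.h>`; the request struct layouts and the sample command text are my own. AUDIT_TTY_SET needs CAP_AUDIT_CONTROL and AUDIT_USER_TTY needs CAP_AUDIT_WRITE, so the sends fail with EPERM as an ordinary user. Zeroing the status struct keeps any fields later kernels added to it at their default.

```c
/*
 * Added example (user-space client, not kernel code): turn TTY input
 * auditing on for the calling process via AUDIT_TTY_SET, then emit an
 * AUDIT_USER_TTY explanatory event carrying the command about to run.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/audit.h>
#include <linux/netlink.h>

#define USER_TTY_MAX 256   /* assumed bound for the explanatory text */

struct tty_set_req {           /* header + struct audit_tty_status payload */
    struct nlmsghdr nlh;
    struct audit_tty_status status;
};

struct user_tty_req {          /* header + raw text payload */
    struct nlmsghdr nlh;
    char text[USER_TTY_MAX];
};

/* AUDIT_TTY_SET: enabled=1 turns input auditing on for the caller (and,
 * via fork(), its descendants); 0 turns it off. Returns bytes to send. */
static size_t build_tty_set(struct tty_set_req *req, int enabled)
{
    memset(req, 0, sizeof *req);
    req->nlh.nlmsg_len = NLMSG_LENGTH(sizeof req->status);
    req->nlh.nlmsg_type = AUDIT_TTY_SET;
    req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    req->status.enabled = enabled ? 1 : 0;
    return req->nlh.nlmsg_len;
}

/* AUDIT_USER_TTY: free-form text from user space, e.g. the command line a
 * shell resolved after editing and history expansion. Returns bytes to
 * send, or 0 if the text does not fit the fixed buffer. */
static size_t build_user_tty(struct user_tty_req *req, const char *text)
{
    size_t len = strlen(text);
    if (len >= USER_TTY_MAX)
        return 0;
    memset(req, 0, sizeof *req);
    req->nlh.nlmsg_len = NLMSG_LENGTH(len);
    req->nlh.nlmsg_type = AUDIT_USER_TTY;
    req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    memcpy(req->text, text, len);
    return req->nlh.nlmsg_len;
}

/* Send one request and wait for the kernel's NLMSG_ERROR ack. Returns 0 on
 * success, -errno on socket failure, or the kernel's negative error code
 * (e.g. -EPERM when the needed capability is missing). */
static int audit_send(const struct nlmsghdr *nlh)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0)
        return -errno;

    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };
    uint32_t buf[256];                 /* 4-byte aligned reply buffer */
    int rc = 0;

    if (sendto(fd, nlh, nlh->nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof kernel) < 0) {
        rc = -errno;
    } else if (recv(fd, buf, sizeof buf, 0) < 0) {
        rc = -errno;
    } else {
        const struct nlmsghdr *reply = (const struct nlmsghdr *)buf;
        if (reply->nlmsg_type == NLMSG_ERROR)
            rc = ((const struct nlmsgerr *)NLMSG_DATA(reply))->error;
    }
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    struct tty_set_req set;
    struct user_tty_req note;
    int rc;

    build_tty_set(&set, 1);
    rc = audit_send(&set.nlh);
    printf("AUDIT_TTY_SET enabled=1: %s\n", rc ? strerror(-rc) : "ok");

    /* Constructed sample command; a real shell would pass its resolved line. */
    if (build_user_tty(&note, argc > 1 ? argv[1] : "ls -l /etc") == 0)
        return 1;
    rc = audit_send(&note.nlh);
    printf("AUDIT_USER_TTY: %s\n", rc ? strerror(-rc) : "ok");
    return 0;
}
```

Run as root on a system with auditd active, the first call makes subsequent reads from the terminal appear as `type=TTY` records and the second appears as a `type=USER_TTY` record next to them; the inheritance across fork() is why a login program or PAM module sets this once and every command in the session is covered.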