20 Mar, 2014

1 commit


14 Jan, 2014

1 commit


01 May, 2013

6 commits

  • We were doing spin_lock_irq and spin_unlock_irq. This is STOOPID.

    If we were in interupt context we were already screwed and called
    panic() in do_exit(). So the irq stuff is useless. Also, these values
    can only be changed by receiving a netlink message from current. Since
    we are in do_exit() clearly we aren't in the syscall sending the netlink
    message to change these values. Thus, just read them and go with it.

    Signed-off-by: Eric Paris

    Eric Paris
     
  • current->signal->audit_* can only change from a netlink message from
    current. Obviously in this case we cannot be handling a netlink message
    from current. So there is no change these can change under us. No need
    to take a lock to read them.

    Signed-off-by: Eric Paris

    Eric Paris
     
  • Most commands are entered one line at a time and processed as complete lines
    in non-canonical mode. Commands that interactively require a password, enter
    canonical mode to do this while shutting off echo. This pair of features
    (icanon and !echo) can be used to avoid logging passwords by audit while still
    logging the rest of the command.

    Adding a member (log_passwd) to the struct audit_tty_status passed in by
    pam_tty_audit allows control of canonical mode without echo per task.

    Signed-off-by: Richard Guy Briggs
    Signed-off-by: Eric Paris

    Richard Guy Briggs
     
  • Some of the callers of the audit tty function use spin_lock_irqsave/restore.
    We were using the forced always enable version, which seems really bad.
    Since I don't know every one of these code paths well enough, it makes
    sense to just switch everything to the safe version. Maybe it's a
    little overzealous, but it's a lot better than an unlucky deadlock when
    we return to a caller with irq enabled and they expect it to be
    disabled.

    Signed-off-by: Eric Paris

    Eric Paris
     
  • Since we are always current, we can push a lot of this stuff to the
    bottom and get rid of useless interfaces and arguments.

    Signed-off-by: Eric Paris

    Eric Paris
     
  • We always use current. Stop pulling this when the skb comes in and
    pushing it around as arguments. Just get it at the end when you need
    it.

    Signed-off-by: Eric Paris

    Eric Paris
     

23 Oct, 2012

1 commit

  • This is a private member of n_tty. Stop accessing it. Instead, take is
    as an argument.

    This is needed to allow clean switch of the private members to a
    separate private structure of n_tty.

    Signed-off-by: Jiri Slaby
    Acked-by: Alan Cox
    Signed-off-by: Greg Kroah-Hartman

    Jiri Slaby
     

18 Sep, 2012

2 commits

  • - Explicitly format uids gids in audit messges in the initial user
    namespace. This is safe because auditd is restrected to be in
    the initial user namespace.

    - Convert audit_sig_uid into a kuid_t.

    - Enable building the audit code and user namespaces at the same time.

    The net result is that the audit subsystem now uses kuid_t and kgid_t whenever
    possible making it almost impossible to confuse a raw uid_t with a kuid_t
    preventing bugs.

    Cc: Al Viro
    Cc: Eric Paris
    Cc: Greg Kroah-Hartman
    Signed-off-by: Eric W. Biederman

    Eric W. Biederman
     
  • Always store audit loginuids in type kuid_t.

    Print loginuids by converting them into uids in the appropriate user
    namespace, and then printing the resulting uid.

    Modify audit_get_loginuid to return a kuid_t.

    Modify audit_set_loginuid to take a kuid_t.

    Modify /proc//loginuid on read to convert the loginuid into the
    user namespace of the opener of the file.

    Modify /proc//loginud on write to convert the loginuid
    rom the user namespace of the opener of the file.

    Cc: Al Viro
    Cc: Eric Paris
    Cc: Paul Moore ?
    Cc: David Miller
    Signed-off-by: Eric W. Biederman

    Eric W. Biederman
     

08 Mar, 2011

1 commit

  • The current tty_audit_add_data code:

    do {
    size_t run;

    run = N_TTY_BUF_SIZE - buf->valid;
    if (run > size)
    run = size;
    memcpy(buf->data + buf->valid, data, run);
    buf->valid += run;
    data += run;
    size -= run;
    if (buf->valid == N_TTY_BUF_SIZE)
    tty_audit_buf_push_current(buf);
    } while (size != 0);

    If the current buffer is full, kernel will then call tty_audit_buf_push_current
    to empty the buffer. But if we disabled audit at the same time, tty_audit_buf_push()
    returns immediately if audit_enabled is zero. Without emptying the buffer.
    With obvious effect on tty_audit_add_data() that ends up spinning in that loop,
    copying 0 bytes at each iteration and attempting to push each time without any effect.
    Holding the lock all along.

    Suggested-by: Alexander Viro
    Signed-off-by: Xiaotian Feng
    Signed-off-by: Greg Kroah-Hartman

    Xiaotian Feng
     

05 Nov, 2010

1 commit