mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-07 14:32:23 +00:00
audit: get comm using lock to avoid race in string printing
When task->comm is passed directly to audit_log_untrustedstring() without getting a copy or using the task_lock, there is a race that could happen that would output a NULL (\0) in the output string that would effectively truncate the rest of the report text after the comm= field in the audit, losing fields. Use get_task_comm() to get a copy while acquiring the task_lock to prevent this and to prevent the result from being a mixture of old and new values of comm. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
This commit is contained in:
parent
f874738e8c
commit
9eab339b19
@ -1850,7 +1850,7 @@ EXPORT_SYMBOL(audit_log_task_context);
|
|||||||
void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
|
void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
|
||||||
{
|
{
|
||||||
const struct cred *cred;
|
const struct cred *cred;
|
||||||
char name[sizeof(tsk->comm)];
|
char comm[sizeof(tsk->comm)];
|
||||||
struct mm_struct *mm = tsk->mm;
|
struct mm_struct *mm = tsk->mm;
|
||||||
char *tty;
|
char *tty;
|
||||||
|
|
||||||
@ -1884,9 +1884,8 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
|
|||||||
from_kgid(&init_user_ns, cred->fsgid),
|
from_kgid(&init_user_ns, cred->fsgid),
|
||||||
tty, audit_get_sessionid(tsk));
|
tty, audit_get_sessionid(tsk));
|
||||||
|
|
||||||
get_task_comm(name, tsk);
|
|
||||||
audit_log_format(ab, " comm=");
|
audit_log_format(ab, " comm=");
|
||||||
audit_log_untrustedstring(ab, name);
|
audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
|
||||||
|
|
||||||
if (mm) {
|
if (mm) {
|
||||||
down_read(&mm->mmap_sem);
|
down_read(&mm->mmap_sem);
|
||||||
|
@ -2424,6 +2424,7 @@ static void audit_log_task(struct audit_buffer *ab)
|
|||||||
kgid_t gid;
|
kgid_t gid;
|
||||||
unsigned int sessionid;
|
unsigned int sessionid;
|
||||||
struct mm_struct *mm = current->mm;
|
struct mm_struct *mm = current->mm;
|
||||||
|
char comm[sizeof(current->comm)];
|
||||||
|
|
||||||
auid = audit_get_loginuid(current);
|
auid = audit_get_loginuid(current);
|
||||||
sessionid = audit_get_sessionid(current);
|
sessionid = audit_get_sessionid(current);
|
||||||
@ -2436,7 +2437,7 @@ static void audit_log_task(struct audit_buffer *ab)
|
|||||||
sessionid);
|
sessionid);
|
||||||
audit_log_task_context(ab);
|
audit_log_task_context(ab);
|
||||||
audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
|
audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
|
||||||
audit_log_untrustedstring(ab, current->comm);
|
audit_log_untrustedstring(ab, get_task_comm(comm, current));
|
||||||
if (mm) {
|
if (mm) {
|
||||||
down_read(&mm->mmap_sem);
|
down_read(&mm->mmap_sem);
|
||||||
if (mm->exe_file)
|
if (mm->exe_file)
|
||||||
|
Loading…
Reference in New Issue
Block a user