1. 01 Aug, 2008 2 commits
    • kernel/audit.c control character detection is off-by-one · 1d6c9649
      Vesa-Matti J Kari authored
      Hello,
      
      According to my understanding there is an off-by-one bug in the
      function:
      
         audit_string_contains_control()
      
      in:
      
        kernel/audit.c
      
      Patch is included.
      
      I do not know from how many places the function is called from, but for
      example, SELinux Access Vector Cache tries to log untrusted filenames via
      call path:
      
      avc_audit()
           audit_log_untrustedstring()
               audit_log_n_untrustedstring()
                   audit_string_contains_control()
      
      If audit_string_contains_control() detects control characters, then the
      string is hex-encoded. But the hex=0x7f dec=127, DEL-character, is not
      detected.
      
      I guess this could have at least some minor security implications, since a
      user can create a filename with 0x7f in it, causing logged filename to
      possibly look different when someone reads it on the terminal.
      Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
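The commit message above describes a control-character check that misses DEL (0x7f), so a filename containing it is logged verbatim instead of hex-encoded. The following user-space sketch is an added example, not the kernel's code and not the patch from this commit: the `> 0x7f` versus `> 0x7e` comparison is an assumed form of the off-by-one, and `format_untrusted` and its output format are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed "before" form: upper bound off by one, so 0x7f (DEL) passes. */
static int check_off_by_one(const char *s, size_t len)
{
    const unsigned char *p = (const unsigned char *)s;
    for (size_t i = 0; i < len && p[i]; i++)
        if (p[i] == '"' || p[i] < 0x21 || p[i] > 0x7f)
            return 1;
    return 0;
}

/* Corrected bound: only 0x21..0x7e, minus the double quote, pass as-is. */
static int check_fixed(const char *s, size_t len)
{
    const unsigned char *p = (const unsigned char *)s;
    for (size_t i = 0; i < len && p[i]; i++)
        if (p[i] == '"' || p[i] < 0x21 || p[i] > 0x7e)
            return 1;
    return 0;
}

/* Hypothetical formatter: 0 = written quoted, 1 = hex-encoded, -1 = no room. */
static int format_untrusted(char *out, size_t outsz, const char *s, size_t len,
                            int (*check)(const char *, size_t))
{
    if (!check(s, len)) {
        int n = snprintf(out, outsz, "\"%.*s\"", (int)len, s);
        return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
    }
    if (outsz < 2 * len + 1)
        return -1;
    for (size_t i = 0; i < len; i++)
        snprintf(out + 2 * i, 3, "%02X", (unsigned char)s[i]);
    return 1;
}

int main(void)
{
    /* Constructed sample: a filename with DEL (0x7f) before the extension. */
    const char name[] = "report" "\x7f" ".txt";
    char buf[64];
    format_untrusted(buf, sizeof buf, name, strlen(name), check_off_by_one);
    printf("off-by-one: %s\n", buf);   /* raw DEL byte reaches the log line */
    format_untrusted(buf, sizeof buf, name, strlen(name), check_fixed);
    printf("fixed:      %s\n", buf);   /* whole name is hex-encoded */
}
```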
    • [PATCH] Audit: Collect signal info when SIGUSR2 is sent to auditd · ee1d3156
      Eric Paris authored
      Makes the kernel audit subsystem collect information about the sending
      process when that process sends SIGUSR2 to the userspace audit daemon.
      SIGUSR2 is a new interesting signal to auditd telling auditd that it
      should try to start logging to disk again and the error condition which
      caused it to stop logging to disk (usually out of space) has been
      rectified.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
  2. 30 Jul, 2008 38 commits