user/sven/linux.git/kernel/auditsc.c, branch v3.14.38

audit: remove superfluous new- prefix in AUDIT_LOGIN messages

2014-07-09T18:18:28Z

commit aa589a13b5d00d3c643ee4114d8cbc3addb4e99f upstream. The new- prefix on ses and auid are un-necessary and break ausearch. Signed-off-by: Richard Guy Briggs Reported-by: Steve Grubb Signed-off-by: Greg Kroah-Hartman

auditsc: audit_krule mask accesses need bounds checking

2014-06-16T20:40:33Z

commit a3c54931199565930d6d84f4c3456f6440aefd41 upstream. Fixes an easy DoS and possible information disclosure. This does nothing about the broken state of x32 auditing. eparis: If the admin has enabled auditd and has specifically loaded audit rules. This bug has been around since before git. Wow... Signed-off-by: Andy Lutomirski Signed-off-by: Eric Paris Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman

audit: convert PPIDs to the inital PID namespace.

2014-05-31T20:20:27Z

commit c92cdeb45eea38515e82187f48c2e4f435fb4e25 upstream. sys_getppid() returns the parent pid of the current process in its own pid namespace. Since audit filters are based in the init pid namespace, a process could avoid a filter or trigger an unintended one by being in an alternate pid namespace or log meaningless information. Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the init_pid_ns. (informed by ebiederman's 6c621b7e) Cc: Eric W. Biederman Signed-off-by: Richard Guy Briggs Signed-off-by: Greg Kroah-Hartman

execve: use 'struct filename *' for executable name passing

2014-02-05T20:54:53Z

This changes 'do_execve()' to get the executable name as a 'struct filename', and to free it when it is done. This is what the normal users want, and it simplifies and streamlines their error handling. The controlled lifetime of the executable name also fixes a use-after-free problem with the trace_sched_process_exec tracepoint: the lifetime of the passed-in string for kernel users was not at all obvious, and the user-mode helper code used UMH_WAIT_EXEC to serialize the pathname allocation lifetime with the execve() having finished, which in turn meant that the trace point that happened after mm_release() of the old process VM ended up using already free'd memory. To solve the kernel string lifetime issue, this simply introduces "getname_kernel()" that works like the normal user-space getname() function, except with the source coming from kernel memory. As Oleg points out, this also means that we could drop the tcomm[] array from 'struct linux_binprm', since the pathname lifetime now covers setup_new_exec(). That would be a separate cleanup. Reported-by: Igor Zhbanov Tested-by: Steven Rostedt Cc: Oleg Nesterov Cc: Al Viro Signed-off-by: Linus Torvalds

audit: fix dangling keywords in audit_log_set_loginuid() output

2014-01-14T03:32:38Z

Remove spaces between "new", "old" label modifiers and "auid", "ses" labels in log output since userspace tools can't parse orphaned keywords. Make variable names more consistent and intuitive. Make audit_log_format() argument code easier to read. Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris

audit: convert all sessionid declaration to unsigned int

2014-01-14T03:31:46Z

Right now the sessionid value in the kernel is a combination of u32, int, and unsigned int. Just use unsigned int throughout. Signed-off-by: Eric Paris Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris

audit: Added exe field to audit core dump signal log

2014-01-14T03:31:38Z

Currently when the coredump signals are logged by the audit system, the actual path to the executable is not logged. Without details of exe, the system admin may not have an exact idea on what program failed. This patch changes the audit_log_task() so that the path to the exe is also logged. This was copied from audit_log_task_info() and the latter enhanced to avoid disappearing text fields. Signed-off-by: Paul Davies C Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris

audit: drop audit_log_abend()

2014-01-14T03:30:59Z

The audit_log_abend() is used only by the audit_core_dumps(). Thus there is no need of maintaining the audit_log_abend() as a separate function. This patch drops the audit_log_abend() and pushes its functionalities back to the audit_core_dumps(). Apart from that the "reason" field is also dropped from being logged since the reason can be deduced from the signal number. Signed-off-by: Paul Davies C Acked-by: Eric Paris Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris

audit: don't generate loginuid log when audit disabled

2014-01-14T03:30:25Z

If audit is disabled, we shouldn't generate loginuid audit log. Acked-by: Eric Paris Signed-off-by: Gao feng Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris

audit: Simplify and correct audit_log_capset

2014-01-14T03:26:48Z

- Always report the current process as capset now always only works on the current process. This prevents reporting 0 or a random pid in a random pid namespace. - Don't bother to pass the pid as is available. Signed-off-by: "Eric W. Biederman" (cherry picked from commit bcc85f0af31af123e32858069eb2ad8f39f90e67) (cherry picked from commit f911cac4556a7a23e0b3ea850233d13b32328692) Signed-off-by: Richard Guy Briggs [eparis: fix build error when audit disabled] Signed-off-by: Eric Paris