On Tue, 14 Apr 2015, Richard Guy Briggs wrote: > When task->comm is passed directly to audit_log_untrustedstring() without > getting a copy or using the task_lock, there is a race that could happen that > would output a NULL (\0) in the middle of the output string that would > effectively truncate the rest of the report text after the comm= field in the > audit log message, losing fields. > > Using get_task_comm() to get a copy while acquiring the task_lock to prevent > this and to prevent the result from being a mixture of old and new values of > comm would incur potentially unacceptable overhead, considering that the value > can be influenced by userspace and therefore untrusted anyways. > > Copy the value before passing it to audit_log_untrustedstring() ensures that a > local copy is used to calculate the length *and* subsequently printed. Even > if > this value contains a mix of old and new values, it will only calculate and > copy up to the first NULL, preventing the rest of the audit log message being > truncated. > > Use a second local copy of comm to avoid a race between the first and second > calls to audit_log_untrustedstring() with comm. > > Reported-by: Tetsuo Handa <[email protected]> > Signed-off-by: Richard Guy Briggs <[email protected]>
Applied. -- James Morris <[email protected]> -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
