On Wednesday, July 08, 2015 04:50:27 PM Paul Moore wrote: > On Wednesday, July 08, 2015 04:28:06 PM Steve Grubb wrote: > > Hello Paul Moore, > > > > Looks like this patch never got picked up. I think we should apply it. > > Thanks for finding this; did you run into this problem?
I was going through old email trying to clear my backlog and saw this one marked for follow up at some point. > Since this was posted back in 2013 it would be nice if someone could do a > quick sanity test to show that 1) the problem still exists on current > kernels and This is the function in question: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/auditsc.c?id=refs/tags/v4.2-rc1#n2357 Actually, I missed the call to audit_log_d_path_exe() because I was looking for exe= in the logging string ...so its already fixed. Sorry for the noise. :-) -Steve > 2) the patch below fixes it. You get extra credit if you show > your work. > > The reproducer should be trivial; I'm just dealing with some other issues > these next few days. > > > On Thursday, November 14, 2013 08:56:57 AM Paul Davies C wrote: > > > Currently when the coredump signals are logged by the audit system , the > > > actual path to the executable is not logged. Without details of exe , > > > the > > > system admin may not have an exact idea on what program failed. > > > > > > This patch changes the audit_log_task() so that the path to the exe is > > > also > > > logged. > > > > > > Signed-off-by: Paul Davies C <[email protected]> > > > --- > > > > > > kernel/auditsc.c | 7 +++++++ > > > 1 file changed, 7 insertions(+) > > > > > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > > index 9845cb3..988de72 100644 > > > --- a/kernel/auditsc.c > > > +++ b/kernel/auditsc.c > > > @@ -2353,6 +2353,7 @@ static void audit_log_task(struct audit_buffer > > > *ab) > > > > > > kuid_t auid, uid; > > > kgid_t gid; > > > unsigned int sessionid; > > > > > > + struct mm_struct *mm = current->mm; > > > > > > auid = audit_get_loginuid(current); > > > sessionid = audit_get_sessionid(current); > > > > > > @@ -2366,6 +2367,12 @@ static void audit_log_task(struct audit_buffer > > > *ab) > > > > > > audit_log_task_context(ab); > > > audit_log_format(ab, " pid=%d comm=", current->pid); > > > audit_log_untrustedstring(ab, current->comm); > > > > > > + if (mm) { > > > + down_read(&mm->mmap_sem); > > > + if (mm->exe_file) > > > + audit_log_d_path(ab, " exe=", &mm->exe_file->f_path); > > > + up_read(&mm->mmap_sem); > > > + } > > > > > > } > > > > > > static void audit_log_abend(struct audit_buffer *ab, char *reason, long > > > > > > signr) -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
