On Thu, May 24, 2018 at 4:10 PM, Stefan Berger <[email protected]> wrote: > The parameters passed to this logging function are all provided by > a privileged user and therefore we can call audit_log_string() > rather than audit_log_untrustedstring(). > > Signed-off-by: Stefan Berger <[email protected]> > Suggested-by: Steve Grubb <[email protected]> > --- > security/integrity/ima/ima_policy.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Paul Moore <[email protected]> > diff --git a/security/integrity/ima/ima_policy.c > b/security/integrity/ima/ima_policy.c > index d89bebf85421..a823f11a3e6b 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -615,7 +615,7 @@ static void ima_log_string_op(struct audit_buffer *ab, > char *key, char *value, > audit_log_format(ab, "%s<", key); > else > audit_log_format(ab, "%s=", key); > - audit_log_untrustedstring(ab, value); > + audit_log_string(ab, value); > audit_log_format(ab, " "); > } > static void ima_log_string(struct audit_buffer *ab, char *key, char *value) > -- > 2.13.6 > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
