Re: [PATCH] selinux: log raw contexts as untrusted strings

Tue, 11 Jun 2019 10:04:01 -0700 

On 2019-06-11 10:07, Ondrej Mosnacek wrote:
> These strings may come from untrusted sources (e.g. file xattrs) so they
> need to be properly escaped.
> 
> Reproducer:
>     # setenforce 0
>     # touch /tmp/test
>     # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test
>     # runcon system_u:system_r:sshd_t:s0 cat /tmp/test
>     (look at the generated AVCs)
> 
> Actual result:
>     type=AVC [...] trawcon=kuřecí řízek
> 
> Expected result:
>     type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B
> 
> Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs")
> Cc: [email protected] # v5.1+
> Signed-off-by: Ondrej Mosnacek <[email protected]>

Acked-by: Richard Guy Briggs <[email protected]>

> ---
>  security/selinux/avc.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 8346a4f7c5d7..a99be508f93d 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -739,14 +739,20 @@ static void avc_audit_post_callback(struct audit_buffer 
> *ab, void *a)
>       rc = security_sid_to_context_inval(sad->state, sad->ssid, &scontext,
>                                          &scontext_len);
>       if (!rc && scontext) {
> -             audit_log_format(ab, " srawcon=%s", scontext);
> +             if (scontext_len && scontext[scontext_len - 1] == '\0')
> +                     scontext_len--;
> +             audit_log_format(ab, " srawcon=");
> +             audit_log_n_untrustedstring(ab, scontext, scontext_len);
>               kfree(scontext);
>       }
>  
>       rc = security_sid_to_context_inval(sad->state, sad->tsid, &scontext,
>                                          &scontext_len);
>       if (!rc && scontext) {
> -             audit_log_format(ab, " trawcon=%s", scontext);
> +             if (scontext_len && scontext[scontext_len - 1] == '\0')
> +                     scontext_len--;
> +             audit_log_format(ab, " trawcon=");
> +             audit_log_n_untrustedstring(ab, scontext, scontext_len);
>               kfree(scontext);
>       }
>  }
> -- 
> 2.20.1
> 
> --
> Linux-audit mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs <[email protected]>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to