On 10/23/2013 11:52 AM, William Roberts wrote:
>>From e05336c6d24fc2ce427b1489bb9acfb3a7ab86ec Mon Sep 17 00:00:00 2001
> From: William Roberts <wrobe...@tresys.com>
> Date: Tue, 22 Oct 2013 14:23:27 -0700
> Subject: [PATCH] audit: Add cmdline to taskinfo output
> 
> On some devices, the cmdline and task info vary. For instance, on
> Android, the cmdline is set to the package name, and the task info
> is the name of the VM, which is not very helpful.
> 
> Change-Id: I98a417c9ab3b95664c49aa1c7513cfd8296b6a2a
> Signed-off-by: William Roberts <wrobe...@tresys.com>
> ---
>  fs/proc/base.c          |    2 +-
>  include/linux/proc_fs.h |    1 +
>  kernel/auditsc.c        |   16 ++++++++++++++++
>  3 files changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 2f198da..25b73d3 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -209,7 +209,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
>   return mm_access(task, PTRACE_MODE_READ);
>  }
> 
> -static int proc_pid_cmdline(struct task_struct *task, char * buffer)
> +int proc_pid_cmdline(struct task_struct *task, char *buffer)
>  {
>   int res = 0;
>   unsigned int len;
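Review bot: dropping static from proc_pid_cmdline() in this hunk exposes a function whose signature carries no buffer length, so every caller outside fs/proc/base.c has to know how large buffer must be and what the int return value means. Add a comment above the definition stating the buffer size contract and the return value, or add an explicit length parameter now that the function has external callers.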
> diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
> index 85c5073..d85ac14 100644
> --- a/include/linux/proc_fs.h
> +++ b/include/linux/proc_fs.h
> @@ -118,6 +118,7 @@ struct pid_namespace;
> 
>  extern int pid_ns_prepare_proc(struct pid_namespace *ns);
>  extern void pid_ns_release_proc(struct pid_namespace *ns);
> +extern int proc_pid_cmdline(struct task_struct *task, char *buffer);
> 
>  /*
>   * proc_tty.c
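Review bot: the extern for proc_pid_cmdline() is added here with no stub variant in the hunk, while kernel/auditsc.c calls it unconditionally. Please confirm that a build with CONFIG_PROC_FS disabled still links; if it does not, provide a static inline stub that returns 0 or make the audit call site conditional.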
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 27ad9dd..076155d 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -67,6 +67,7 @@
>  #include <linux/syscalls.h>
>  #include <linux/capability.h>
>  #include <linux/fs_struct.h>
> +#include <linux/proc_fs.h>
> 
>  #include "audit.h"
> 
> @@ -1158,6 +1159,7 @@ static void audit_log_task_info(struct audit_buffer
> *ab, struct task_struct *tsk
>   char name[sizeof(tsk->comm)];
>   struct mm_struct *mm = tsk->mm;
>   struct vm_area_struct *vma;
> + unsigned long page;
> 
>   /* tsk == current */
> 
> @@ -1179,6 +1181,20 @@ static void audit_log_task_info(struct audit_buffer
> *ab, struct task_struct *tsk
>   }
>   up_read(&mm->mmap_sem);
>   }
> +
> + /* Get the process cmdline */
> + page = __get_free_page(GFP_TEMPORARY);
> + if (!page)
> + goto out;
> +
> + if (!proc_pid_cmdline(tsk, (char *)page))
> + goto free;
> +
> + audit_log_format(ab, " cmdline=");
> + audit_log_untrustedstring(ab, (char *)page);
> +free:
> + free_page(page);
> +out:
>   audit_log_task_context(ab);
>  }
> 
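Review bot: the length returned by proc_pid_cmdline() is tested only for zero and then thrown away at "if (!proc_pid_cmdline(tsk, (char *)page))", so nothing bounds the buffer when it is handed to audit_log_untrustedstring() as a C string. Keep the return value in a local, treat anything <= 0 as "nothing to log" (a negative return would pass the current test), and either terminate the page before logging or pass the length to audit_log_n_untrustedstring(). The page also comes from __get_free_page() without being zeroed, so any read past the bytes actually written would put stale page contents into the audit record.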

As before, you need to ensure that page is NUL-terminated
before passing it to audit_log_untrustedstring().  Nothing in
proc_pid_cmdline() guarantees this AFAICS - they just test for it to see
if they should look for something in the env region too.  But note how
they use strnlen() throughout as they aren't guaranteed that it is
NUL-terminated.  So you have to ensure that at least page[PAGE_SIZE-1] = 0.



--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with
the words "unsubscribe seandroid-list" without quotes as the message.
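
A user-space model of the termination requirement raised in the reply above, added here as an illustration; it is not code from the patch or from anyone on the thread. PAGE_SZ, fill_page() and terminate_page() are hypothetical names, and terminating at the written length goes one step beyond the reply's minimum of page[PAGE_SIZE-1] = 0.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096            /* assumed page size for this model */

/* Hypothetical producer: copies up to a full page and never writes a
 * terminator, which is the behaviour the consumer must be ready for.
 * Returns the number of bytes written. */
static size_t fill_page(char *page, const char *src, size_t src_len)
{
    size_t n = src_len < PAGE_SZ ? src_len : PAGE_SZ;

    memcpy(page, src, n);
    return n;
}

/* Consumer side: make the page safe to pass to a C-string API.
 * Always forces page[PAGE_SZ - 1] = 0; when fewer bytes were written,
 * also terminates right after them so stale bytes left in a non-zeroed
 * page are not treated as part of the string. Returns the string length. */
static size_t terminate_page(char *page, size_t written)
{
    const char *nul;

    page[PAGE_SZ - 1] = '\0';
    if (written < PAGE_SZ)
        page[written] = '\0';
    nul = memchr(page, '\0', PAGE_SZ);   /* cannot fail after the store above */
    return (size_t)(nul - page);
}

int main(void)
{
    static char page[PAGE_SZ];
    static char big[5000];               /* constructed oversized input */
    size_t w;

    memset(page, 'X', sizeof(page));     /* simulate stale page contents */
    memset(big, 'A', sizeof(big));
    w = fill_page(page, big, sizeof(big));
    printf("full page: wrote %zu, safe length %zu\n", w, terminate_page(page, w));

    memset(page, 'X', sizeof(page));
    w = fill_page(page, "com.example.app", 15);   /* constructed sample name */
    printf("short: wrote %zu, safe length %zu, \"%s\"\n",
           w, terminate_page(page, w), page);
    return 0;
}
```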
