subject:"\[PATCH 1\/2\] auditsc\: audit_krule mask accesses need bounds checking"

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-10 Thread Linus Torvalds

On Tue, Jun 10, 2014 at 8:42 AM, Linus Torvalds
 wrote:
>
> Ok, I'll take your patch-series rather than the recent pull from Andy,
> and pick up #2 that way too.

Hmm. In fact, #2 doesn't apply cleanly. It's trivial to fix up, but
rather than do that, the reject made me go "I'll just forward this to
Peter Anvin" instead, so that he's aware of the x32 issue.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-10 Thread Linus Torvalds

On Tue, Jun 10, 2014 at 5:50 AM, Eric Paris  wrote:
>
> No, it's good to blame me.  I was trying to deal with it as fast as I
> could since I was already trying to ignore my computer before I got
> married last weekend and took the last week off.  I realized when I got
> back yesterday you hadn't picked it up and it was on my list of things
> to try to handle today.  I think both 1 and 2 are good to be applied to
> your tree.  Although only #1 is really an absolutely critical issue.

Ok, I'll take your patch-series rather than the recent pull from Andy,
and pick up #2 that way too.

I'll just take them from emails - it's not like I have to wait for a
pull from you. It's just that I don't want to take them from emails
_and_ then get them in a pull from you, which is why I tend to want to
get explicit "please apply these directly" notification.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-10 Thread Eric Paris

On Mon, 2014-06-09 at 16:36 -0700, Linus Torvalds wrote:
> On Mon, Jun 9, 2014 at 3:56 PM, Andy Lutomirski  wrote:
> >
> > In this particular case, it's my patch, and I've never sent you a pull
> > request.  I sort of assumed that secur...@kernel.org magically caused
> > acknowledged fixes to end up in your tree.  I'm not sure what I'm
> > supposed to do here.
> >
> > Maybe the confusion is because Eric resent the patch?
> 
> So I saw the patch twice in email , but neither time did I get the
> feeling that I should apply it. The first time Eric responded to it,
> so the maintainer clearly knew about it and was reacting to it, so I
> ignored it. The second time Eric resent it as email to various people
> and lists, and I didn't react to it because I expected that was again
> just for discussion.
> 
> So I'm not blaming you as much as Eric.

No, it's good to blame me.  I was trying to deal with it as fast as I
could since I was already trying to ignore my computer before I got
married last weekend and took the last week off.  I realized when I got
back yesterday you hadn't picked it up and it was on my list of things
to try to handle today.  I think both 1 and 2 are good to be applied to
your tree.  Although only #1 is really an absolutely critical issue.

>  If a maintainer expects me to
> pick it up from the email (rather than his usual git pulls), I want
> that maintainer to *say* so. Because otherwise, as mentioned, I expect
> it to come through the maintainer tree as usual.
> 
>   Linus


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-10 Thread Eric Paris

On Mon, 2014-06-09 at 16:36 -0700, Linus Torvalds wrote:
 On Mon, Jun 9, 2014 at 3:56 PM, Andy Lutomirski l...@amacapital.net wrote:
 
  In this particular case, it's my patch, and I've never sent you a pull
  request.  I sort of assumed that secur...@kernel.org magically caused
  acknowledged fixes to end up in your tree.  I'm not sure what I'm
  supposed to do here.
 
  Maybe the confusion is because Eric resent the patch?
 
 So I saw the patch twice in email , but neither time did I get the
 feeling that I should apply it. The first time Eric responded to it,
 so the maintainer clearly knew about it and was reacting to it, so I
 ignored it. The second time Eric resent it as email to various people
 and lists, and I didn't react to it because I expected that was again
 just for discussion.
 
 So I'm not blaming you as much as Eric.

No, it's good to blame me.  I was trying to deal with it as fast as I
could since I was already trying to ignore my computer before I got
married last weekend and took the last week off.  I realized when I got
back yesterday you hadn't picked it up and it was on my list of things
to try to handle today.  I think both 1 and 2 are good to be applied to
your tree.  Although only #1 is really an absolutely critical issue.

  If a maintainer expects me to
 pick it up from the email (rather than his usual git pulls), I want
 that maintainer to *say* so. Because otherwise, as mentioned, I expect
 it to come through the maintainer tree as usual.
 
   Linus


--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-10 Thread Linus Torvalds

On Tue, Jun 10, 2014 at 5:50 AM, Eric Paris epa...@redhat.com wrote:

 No, it's good to blame me.  I was trying to deal with it as fast as I
 could since I was already trying to ignore my computer before I got
 married last weekend and took the last week off.  I realized when I got
 back yesterday you hadn't picked it up and it was on my list of things
 to try to handle today.  I think both 1 and 2 are good to be applied to
 your tree.  Although only #1 is really an absolutely critical issue.

Ok, I'll take your patch-series rather than the recent pull from Andy,
and pick up #2 that way too.

I'll just take them from emails - it's not like I have to wait for a
pull from you. It's just that I don't want to take them from emails
_and_ then get them in a pull from you, which is why I tend to want to
get explicit please apply these directly notification.

Linus
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-10 Thread Linus Torvalds

On Tue, Jun 10, 2014 at 8:42 AM, Linus Torvalds
torva...@linux-foundation.org wrote:

 Ok, I'll take your patch-series rather than the recent pull from Andy,
 and pick up #2 that way too.

Hmm. In fact, #2 doesn't apply cleanly. It's trivial to fix up, but
rather than do that, the reject made me go I'll just forward this to
Peter Anvin instead, so that he's aware of the x32 issue.

Linus
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 09:04:16PM -0700, Andy Lutomirski wrote:
> On Mon, Jun 9, 2014 at 7:57 PM, Greg KH  wrote:
> > On Mon, Jun 09, 2014 at 05:51:37PM -0700, Andy Lutomirski wrote:
> >> [cc list trimmed, security@ added]
> >>
> >> On Mon, Jun 9, 2014 at 5:31 PM, Greg KH  wrote:
> >> > On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
> >> >> On Mon, Jun 9, 2014 at 6:46 PM, Greg KH  
> >> >> wrote:
> >> >> >
> >> >> > But yes, having something "real" might be good if the load gets 
> >> >> > higher,
> >> >> > right now it's so low that my "sweep pending security patches" task
> >> >> > usually catches anything pending, which is rare.
> >> >>
> >> >> How does one get added to the security@ alias?  We've been carrying
> >> >> this patch in Fedora for a bit now.  I'd be happy to help track things
> >> >> given we get distro security bug reports and such.
> >> >
> >> > Just ask on the security@ alias to be added and we can take it from
> >> > there.
> >> >
> >>
> >> Would it make sense for there to be someone on the security list who
> >> can assign CVE numbers?
> >
> > I'm pretty sure we have that already.
> 
> Let me rephrase the question:
> 
> Would it make sense for someone on the security list to assign CVE numbers?

If we cared about CVE numbers, maybe :)

Seriously, there are people on the security alias that can get CVE
numbers assigned if needed, so that should not be an issue.  It's
happened in the past from what I can recall.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 7:57 PM, Greg KH  wrote:
> On Mon, Jun 09, 2014 at 05:51:37PM -0700, Andy Lutomirski wrote:
>> [cc list trimmed, security@ added]
>>
>> On Mon, Jun 9, 2014 at 5:31 PM, Greg KH  wrote:
>> > On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
>> >> On Mon, Jun 9, 2014 at 6:46 PM, Greg KH  
>> >> wrote:
>> >> >
>> >> > But yes, having something "real" might be good if the load gets higher,
>> >> > right now it's so low that my "sweep pending security patches" task
>> >> > usually catches anything pending, which is rare.
>> >>
>> >> How does one get added to the security@ alias?  We've been carrying
>> >> this patch in Fedora for a bit now.  I'd be happy to help track things
>> >> given we get distro security bug reports and such.
>> >
>> > Just ask on the security@ alias to be added and we can take it from
>> > there.
>> >
>>
>> Would it make sense for there to be someone on the security list who
>> can assign CVE numbers?
>
> I'm pretty sure we have that already.

Let me rephrase the question:

Would it make sense for someone on the security list to assign CVE numbers?

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 05:51:37PM -0700, Andy Lutomirski wrote:
> [cc list trimmed, security@ added]
> 
> On Mon, Jun 9, 2014 at 5:31 PM, Greg KH  wrote:
> > On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
> >> On Mon, Jun 9, 2014 at 6:46 PM, Greg KH  wrote:
> >> >
> >> > But yes, having something "real" might be good if the load gets higher,
> >> > right now it's so low that my "sweep pending security patches" task
> >> > usually catches anything pending, which is rare.
> >>
> >> How does one get added to the security@ alias?  We've been carrying
> >> this patch in Fedora for a bit now.  I'd be happy to help track things
> >> given we get distro security bug reports and such.
> >
> > Just ask on the security@ alias to be added and we can take it from
> > there.
> >
> 
> Would it make sense for there to be someone on the security list who
> can assign CVE numbers?

I'm pretty sure we have that already.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

[cc list trimmed, security@ added]

On Mon, Jun 9, 2014 at 5:31 PM, Greg KH  wrote:
> On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
>> On Mon, Jun 9, 2014 at 6:46 PM, Greg KH  wrote:
>> >
>> > But yes, having something "real" might be good if the load gets higher,
>> > right now it's so low that my "sweep pending security patches" task
>> > usually catches anything pending, which is rare.
>>
>> How does one get added to the security@ alias?  We've been carrying
>> this patch in Fedora for a bit now.  I'd be happy to help track things
>> given we get distro security bug reports and such.
>
> Just ask on the security@ alias to be added and we can take it from
> there.
>

Would it make sense for there to be someone on the security list who
can assign CVE numbers?

--Andy

-- 
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 05:30:19PM -0700, Andy Lutomirski wrote:
> On Mon, Jun 9, 2014 at 5:32 PM, Greg KH  wrote:
> > On Mon, Jun 09, 2014 at 03:55:20PM -0700, Andy Lutomirski wrote:
> >> On Mon, Jun 9, 2014 at 3:46 PM, Greg KH  wrote:
> >> > On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
> >> >> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH  
> >> >> wrote:
> >> >> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
> >> >> >> From: Andy Lutomirski 
> >> >> >>
> >> >> >> Fixes an easy DoS and possible information disclosure.
> >> >> >>
> >> >> >> This does nothing about the broken state of x32 auditing.
> >> >> >>
> >> >> >> eparis: If the admin has enabled auditd and has specifically loaded 
> >> >> >> audit
> >> >> >> rules.  This bug has been around since before git.  Wow...
> >> >> >>
> >> >> >> Cc: sta...@vger.kernel.org
> >> >> >> Signed-off-by: Andy Lutomirski 
> >> >> >> Signed-off-by: Eric Paris 
> >> >> >> ---
> >> >> >>  kernel/auditsc.c | 27 ++-
> >> >> >>  1 file changed, 18 insertions(+), 9 deletions(-)
> >> >> >
> >> >> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or 
> >> >> > did I
> >> >> > miss a later conversation about this?
> >> >>
> >> >> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
> >> >>
> >> >> IMO we need some kind of real tracking system for issues reported to
> >> >> security@.
> >> >
> >> > That seems to be my mbox at times :)
> >> >
> >> > But yes, having something "real" might be good if the load gets higher,
> >> > right now it's so low that my "sweep pending security patches" task
> >> > usually catches anything pending, which is rare.
> >> >
> >>
> >> There are currently at least two issues that I reported that are stuck
> >> in limbo: this one and the (not-yet-public) vfs thing.
> >
> > That was next on my list to poke people about...
> >
> >> And there's the CVE-2014-0181 regression fix that almost got
> >> forgotten, but that isn't really a security issue.
> >
> > What is that, where was that reported?
> 
> commit 2d7a85f4b06e9c27ff629f07a524c48074f07f81
> Author: Eric W. Biederman 
> Date:   Fri May 30 11:04:00 2014 -0700
> 
> netlink: Only check file credentials for implicit destinations
> 
> 
> The security issue got fixed quickly, but the fix turned out to be 
> problematic.

Ah, thanks, I rely on Dave to send me networking stable patches, I'm
sure he's on this...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 5:32 PM, Greg KH  wrote:
> On Mon, Jun 09, 2014 at 03:55:20PM -0700, Andy Lutomirski wrote:
>> On Mon, Jun 9, 2014 at 3:46 PM, Greg KH  wrote:
>> > On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
>> >> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH  
>> >> wrote:
>> >> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
>> >> >> From: Andy Lutomirski 
>> >> >>
>> >> >> Fixes an easy DoS and possible information disclosure.
>> >> >>
>> >> >> This does nothing about the broken state of x32 auditing.
>> >> >>
>> >> >> eparis: If the admin has enabled auditd and has specifically loaded 
>> >> >> audit
>> >> >> rules.  This bug has been around since before git.  Wow...
>> >> >>
>> >> >> Cc: sta...@vger.kernel.org
>> >> >> Signed-off-by: Andy Lutomirski 
>> >> >> Signed-off-by: Eric Paris 
>> >> >> ---
>> >> >>  kernel/auditsc.c | 27 ++-
>> >> >>  1 file changed, 18 insertions(+), 9 deletions(-)
>> >> >
>> >> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
>> >> > miss a later conversation about this?
>> >>
>> >> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
>> >>
>> >> IMO we need some kind of real tracking system for issues reported to
>> >> security@.
>> >
>> > That seems to be my mbox at times :)
>> >
>> > But yes, having something "real" might be good if the load gets higher,
>> > right now it's so low that my "sweep pending security patches" task
>> > usually catches anything pending, which is rare.
>> >
>>
>> There are currently at least two issues that I reported that are stuck
>> in limbo: this one and the (not-yet-public) vfs thing.
>
> That was next on my list to poke people about...
>
>> And there's the CVE-2014-0181 regression fix that almost got
>> forgotten, but that isn't really a security issue.
>
> What is that, where was that reported?

commit 2d7a85f4b06e9c27ff629f07a524c48074f07f81
Author: Eric W. Biederman 
Date:   Fri May 30 11:04:00 2014 -0700

netlink: Only check file credentials for implicit destinations


The security issue got fixed quickly, but the fix turned out to be problematic.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 03:55:20PM -0700, Andy Lutomirski wrote:
> On Mon, Jun 9, 2014 at 3:46 PM, Greg KH  wrote:
> > On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
> >> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH  wrote:
> >> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
> >> >> From: Andy Lutomirski 
> >> >>
> >> >> Fixes an easy DoS and possible information disclosure.
> >> >>
> >> >> This does nothing about the broken state of x32 auditing.
> >> >>
> >> >> eparis: If the admin has enabled auditd and has specifically loaded 
> >> >> audit
> >> >> rules.  This bug has been around since before git.  Wow...
> >> >>
> >> >> Cc: sta...@vger.kernel.org
> >> >> Signed-off-by: Andy Lutomirski 
> >> >> Signed-off-by: Eric Paris 
> >> >> ---
> >> >>  kernel/auditsc.c | 27 ++-
> >> >>  1 file changed, 18 insertions(+), 9 deletions(-)
> >> >
> >> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
> >> > miss a later conversation about this?
> >>
> >> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
> >>
> >> IMO we need some kind of real tracking system for issues reported to
> >> security@.
> >
> > That seems to be my mbox at times :)
> >
> > But yes, having something "real" might be good if the load gets higher,
> > right now it's so low that my "sweep pending security patches" task
> > usually catches anything pending, which is rare.
> >
> 
> There are currently at least two issues that I reported that are stuck
> in limbo: this one and the (not-yet-public) vfs thing.

That was next on my list to poke people about...

> And there's the CVE-2014-0181 regression fix that almost got
> forgotten, but that isn't really a security issue.

What is that, where was that reported?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
> On Mon, Jun 9, 2014 at 6:46 PM, Greg KH  wrote:
> > On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
> >> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH  wrote:
> >> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
> >> >> From: Andy Lutomirski 
> >> >>
> >> >> Fixes an easy DoS and possible information disclosure.
> >> >>
> >> >> This does nothing about the broken state of x32 auditing.
> >> >>
> >> >> eparis: If the admin has enabled auditd and has specifically loaded 
> >> >> audit
> >> >> rules.  This bug has been around since before git.  Wow...
> >> >>
> >> >> Cc: sta...@vger.kernel.org
> >> >> Signed-off-by: Andy Lutomirski 
> >> >> Signed-off-by: Eric Paris 
> >> >> ---
> >> >>  kernel/auditsc.c | 27 ++-
> >> >>  1 file changed, 18 insertions(+), 9 deletions(-)
> >> >
> >> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
> >> > miss a later conversation about this?
> >>
> >> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
> >>
> >> IMO we need some kind of real tracking system for issues reported to
> >> security@.
> >
> > That seems to be my mbox at times :)
> >
> > But yes, having something "real" might be good if the load gets higher,
> > right now it's so low that my "sweep pending security patches" task
> > usually catches anything pending, which is rare.
> 
> How does one get added to the security@ alias?  We've been carrying
> this patch in Fedora for a bit now.  I'd be happy to help track things
> given we get distro security bug reports and such.

Just ask on the security@ alias to be added and we can take it from
there.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Linus Torvalds

On Mon, Jun 9, 2014 at 3:56 PM, Andy Lutomirski  wrote:
>
> In this particular case, it's my patch, and I've never sent you a pull
> request.  I sort of assumed that secur...@kernel.org magically caused
> acknowledged fixes to end up in your tree.  I'm not sure what I'm
> supposed to do here.
>
> Maybe the confusion is because Eric resent the patch?

So I saw the patch twice in email , but neither time did I get the
feeling that I should apply it. The first time Eric responded to it,
so the maintainer clearly knew about it and was reacting to it, so I
ignored it. The second time Eric resent it as email to various people
and lists, and I didn't react to it because I expected that was again
just for discussion.

So I'm not blaming you as much as Eric. If a maintainer expects me to
pick it up from the email (rather than his usual git pulls), I want
that maintainer to *say* so. Because otherwise, as mentioned, I expect
it to come through the maintainer tree as usual.

  Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Josh Boyer

On Mon, Jun 9, 2014 at 6:46 PM, Greg KH  wrote:
> On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
>> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH  wrote:
>> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
>> >> From: Andy Lutomirski 
>> >>
>> >> Fixes an easy DoS and possible information disclosure.
>> >>
>> >> This does nothing about the broken state of x32 auditing.
>> >>
>> >> eparis: If the admin has enabled auditd and has specifically loaded audit
>> >> rules.  This bug has been around since before git.  Wow...
>> >>
>> >> Cc: sta...@vger.kernel.org
>> >> Signed-off-by: Andy Lutomirski 
>> >> Signed-off-by: Eric Paris 
>> >> ---
>> >>  kernel/auditsc.c | 27 ++-
>> >>  1 file changed, 18 insertions(+), 9 deletions(-)
>> >
>> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
>> > miss a later conversation about this?
>>
>> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
>>
>> IMO we need some kind of real tracking system for issues reported to
>> security@.
>
> That seems to be my mbox at times :)
>
> But yes, having something "real" might be good if the load gets higher,
> right now it's so low that my "sweep pending security patches" task
> usually catches anything pending, which is rare.

How does one get added to the security@ alias?  We've been carrying
this patch in Fedora for a bit now.  I'd be happy to help track things
given we get distro security bug reports and such.

josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 3:53 PM, Linus Torvalds
 wrote:
> On Mon, Jun 9, 2014 at 3:35 PM, Andy Lutomirski  wrote:
>>
>> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
>
> I assume that if there is a maintainer who normally sends me stuff by
> git, when I see patches in emails they are just informational
> heads-ups about stuff that is being discussed or pending, and that
> I'll see it later in a pull request. So I just ignore them unless I
> have specific comments, since clearly the emailed patch is just
> informational and/or for comments/acks from others.
>
> The exception is unless it *VERY CLEARLY* says otherwise (as in
> "Linus, can you please take this directly due to xyz").
>
> Because why would somebody send me a patch series sometimes, and git
> trees at other times? That would just be stupid.

In this particular case, it's my patch, and I've never sent you a pull
request.  I sort of assumed that secur...@kernel.org magically caused
acknowledged fixes to end up in your tree.  I'm not sure what I'm
supposed to do here.

Maybe the confusion is because Eric resent the patch?

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 3:46 PM, Greg KH  wrote:
> On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
>> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH  wrote:
>> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
>> >> From: Andy Lutomirski 
>> >>
>> >> Fixes an easy DoS and possible information disclosure.
>> >>
>> >> This does nothing about the broken state of x32 auditing.
>> >>
>> >> eparis: If the admin has enabled auditd and has specifically loaded audit
>> >> rules.  This bug has been around since before git.  Wow...
>> >>
>> >> Cc: sta...@vger.kernel.org
>> >> Signed-off-by: Andy Lutomirski 
>> >> Signed-off-by: Eric Paris 
>> >> ---
>> >>  kernel/auditsc.c | 27 ++-
>> >>  1 file changed, 18 insertions(+), 9 deletions(-)
>> >
>> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
>> > miss a later conversation about this?
>>
>> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
>>
>> IMO we need some kind of real tracking system for issues reported to
>> security@.
>
> That seems to be my mbox at times :)
>
> But yes, having something "real" might be good if the load gets higher,
> right now it's so low that my "sweep pending security patches" task
> usually catches anything pending, which is rare.
>

There are currently at least two issues that I reported that are stuck
in limbo: this one and the (not-yet-public) vfs thing.  And there's
the CVE-2014-0181 regression fix that almost got forgotten, but that
isn't really a security issue.

And I can't read your mbox :-/

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Linus Torvalds

On Mon, Jun 9, 2014 at 3:35 PM, Andy Lutomirski  wrote:
>
> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.

I assume that if there is a maintainer who normally sends me stuff by
git, when I see patches in emails they are just informational
heads-ups about stuff that is being discussed or pending, and that
I'll see it later in a pull request. So I just ignore them unless I
have specific comments, since clearly the emailed patch is just
informational and/or for comments/acks from others.

The exception is unless it *VERY CLEARLY* says otherwise (as in
"Linus, can you please take this directly due to xyz").

Because why would somebody send me a patch series sometimes, and git
trees at other times? That would just be stupid.

  Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH  wrote:
> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
> >> From: Andy Lutomirski 
> >>
> >> Fixes an easy DoS and possible information disclosure.
> >>
> >> This does nothing about the broken state of x32 auditing.
> >>
> >> eparis: If the admin has enabled auditd and has specifically loaded audit
> >> rules.  This bug has been around since before git.  Wow...
> >>
> >> Cc: sta...@vger.kernel.org
> >> Signed-off-by: Andy Lutomirski 
> >> Signed-off-by: Eric Paris 
> >> ---
> >>  kernel/auditsc.c | 27 ++-
> >>  1 file changed, 18 insertions(+), 9 deletions(-)
> >
> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
> > miss a later conversation about this?
> 
> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
> 
> IMO we need some kind of real tracking system for issues reported to
> security@.

That seems to be my mbox at times :)

But yes, having something "real" might be good if the load gets higher,
right now it's so low that my "sweep pending security patches" task
usually catches anything pending, which is rare.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 3:30 PM, Greg KH  wrote:
> On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
>> From: Andy Lutomirski 
>>
>> Fixes an easy DoS and possible information disclosure.
>>
>> This does nothing about the broken state of x32 auditing.
>>
>> eparis: If the admin has enabled auditd and has specifically loaded audit
>> rules.  This bug has been around since before git.  Wow...
>>
>> Cc: sta...@vger.kernel.org
>> Signed-off-by: Andy Lutomirski 
>> Signed-off-by: Eric Paris 
>> ---
>>  kernel/auditsc.c | 27 ++-
>>  1 file changed, 18 insertions(+), 9 deletions(-)
>
> Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
> miss a later conversation about this?

Hmm.  It seems that it didn't make it into Linus' tree.  Crap.

IMO we need some kind of real tracking system for issues reported to
security@.  This shouldn't have been possible (and if I'd realized
that the patch got dropped, I wouldn't have publicly disclosed it).

For whoever applies this: it's CVE-2014-3917.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
> From: Andy Lutomirski 
> 
> Fixes an easy DoS and possible information disclosure.
> 
> This does nothing about the broken state of x32 auditing.
> 
> eparis: If the admin has enabled auditd and has specifically loaded audit
> rules.  This bug has been around since before git.  Wow...
> 
> Cc: sta...@vger.kernel.org
> Signed-off-by: Andy Lutomirski 
> Signed-off-by: Eric Paris 
> ---
>  kernel/auditsc.c | 27 ++-
>  1 file changed, 18 insertions(+), 9 deletions(-)

Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
miss a later conversation about this?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
 From: Andy Lutomirski l...@amacapital.net
 
 Fixes an easy DoS and possible information disclosure.
 
 This does nothing about the broken state of x32 auditing.
 
 eparis: If the admin has enabled auditd and has specifically loaded audit
 rules.  This bug has been around since before git.  Wow...
 
 Cc: sta...@vger.kernel.org
 Signed-off-by: Andy Lutomirski l...@amacapital.net
 Signed-off-by: Eric Paris epa...@redhat.com
 ---
  kernel/auditsc.c | 27 ++-
  1 file changed, 18 insertions(+), 9 deletions(-)

Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
miss a later conversation about this?

thanks,

greg k-h
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 3:30 PM, Greg KH gre...@linuxfoundation.org wrote:
 On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
 From: Andy Lutomirski l...@amacapital.net

 Fixes an easy DoS and possible information disclosure.

 This does nothing about the broken state of x32 auditing.

 eparis: If the admin has enabled auditd and has specifically loaded audit
 rules.  This bug has been around since before git.  Wow...

 Cc: sta...@vger.kernel.org
 Signed-off-by: Andy Lutomirski l...@amacapital.net
 Signed-off-by: Eric Paris epa...@redhat.com
 ---
  kernel/auditsc.c | 27 ++-
  1 file changed, 18 insertions(+), 9 deletions(-)

 Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
 miss a later conversation about this?

Hmm.  It seems that it didn't make it into Linus' tree.  Crap.

IMO we need some kind of real tracking system for issues reported to
security@.  This shouldn't have been possible (and if I'd realized
that the patch got dropped, I wouldn't have publicly disclosed it).

For whoever applies this: it's CVE-2014-3917.

--Andy
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
 On Mon, Jun 9, 2014 at 3:30 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
  From: Andy Lutomirski l...@amacapital.net
 
  Fixes an easy DoS and possible information disclosure.
 
  This does nothing about the broken state of x32 auditing.
 
  eparis: If the admin has enabled auditd and has specifically loaded audit
  rules.  This bug has been around since before git.  Wow...
 
  Cc: sta...@vger.kernel.org
  Signed-off-by: Andy Lutomirski l...@amacapital.net
  Signed-off-by: Eric Paris epa...@redhat.com
  ---
   kernel/auditsc.c | 27 ++-
   1 file changed, 18 insertions(+), 9 deletions(-)
 
  Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
  miss a later conversation about this?
 
 Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
 
 IMO we need some kind of real tracking system for issues reported to
 security@.

That seems to be my mbox at times :)

But yes, having something real might be good if the load gets higher,
right now it's so low that my sweep pending security patches task
usually catches anything pending, which is rare.

thanks,

greg k-h
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Linus Torvalds

On Mon, Jun 9, 2014 at 3:35 PM, Andy Lutomirski l...@amacapital.net wrote:

 Hmm.  It seems that it didn't make it into Linus' tree.  Crap.

I assume that if there is a maintainer who normally sends me stuff by
git, when I see patches in emails they are just informational
heads-ups about stuff that is being discussed or pending, and that
I'll see it later in a pull request. So I just ignore them unless I
have specific comments, since clearly the emailed patch is just
informational and/or for comments/acks from others.

The exception is unless it *VERY CLEARLY* says otherwise (as in
Linus, can you please take this directly due to xyz).

Because why would somebody send me a patch series sometimes, and git
trees at other times? That would just be stupid.

  Linus
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 3:46 PM, Greg KH gre...@linuxfoundation.org wrote:
 On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
 On Mon, Jun 9, 2014 at 3:30 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
  From: Andy Lutomirski l...@amacapital.net
 
  Fixes an easy DoS and possible information disclosure.
 
  This does nothing about the broken state of x32 auditing.
 
  eparis: If the admin has enabled auditd and has specifically loaded audit
  rules.  This bug has been around since before git.  Wow...
 
  Cc: sta...@vger.kernel.org
  Signed-off-by: Andy Lutomirski l...@amacapital.net
  Signed-off-by: Eric Paris epa...@redhat.com
  ---
   kernel/auditsc.c | 27 ++-
   1 file changed, 18 insertions(+), 9 deletions(-)
 
  Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
  miss a later conversation about this?

 Hmm.  It seems that it didn't make it into Linus' tree.  Crap.

 IMO we need some kind of real tracking system for issues reported to
 security@.

 That seems to be my mbox at times :)

 But yes, having something real might be good if the load gets higher,
 right now it's so low that my sweep pending security patches task
 usually catches anything pending, which is rare.


There are currently at least two issues that I reported that are stuck
in limbo: this one and the (not-yet-public) vfs thing.  And there's
the CVE-2014-0181 regression fix that almost got forgotten, but that
isn't really a security issue.

And I can't read your mbox :-/

--Andy
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 3:53 PM, Linus Torvalds
torva...@linux-foundation.org wrote:
 On Mon, Jun 9, 2014 at 3:35 PM, Andy Lutomirski l...@amacapital.net wrote:

 Hmm.  It seems that it didn't make it into Linus' tree.  Crap.

 I assume that if there is a maintainer who normally sends me stuff by
 git, when I see patches in emails they are just informational
 heads-ups about stuff that is being discussed or pending, and that
 I'll see it later in a pull request. So I just ignore them unless I
 have specific comments, since clearly the emailed patch is just
 informational and/or for comments/acks from others.

 The exception is unless it *VERY CLEARLY* says otherwise (as in
 Linus, can you please take this directly due to xyz).

 Because why would somebody send me a patch series sometimes, and git
 trees at other times? That would just be stupid.

In this particular case, it's my patch, and I've never sent you a pull
request.  I sort of assumed that secur...@kernel.org magically caused
acknowledged fixes to end up in your tree.  I'm not sure what I'm
supposed to do here.

Maybe the confusion is because Eric resent the patch?

--Andy
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Josh Boyer

On Mon, Jun 9, 2014 at 6:46 PM, Greg KH gre...@linuxfoundation.org wrote:
 On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
 On Mon, Jun 9, 2014 at 3:30 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
  From: Andy Lutomirski l...@amacapital.net
 
  Fixes an easy DoS and possible information disclosure.
 
  This does nothing about the broken state of x32 auditing.
 
  eparis: If the admin has enabled auditd and has specifically loaded audit
  rules.  This bug has been around since before git.  Wow...
 
  Cc: sta...@vger.kernel.org
  Signed-off-by: Andy Lutomirski l...@amacapital.net
  Signed-off-by: Eric Paris epa...@redhat.com
  ---
   kernel/auditsc.c | 27 ++-
   1 file changed, 18 insertions(+), 9 deletions(-)
 
  Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
  miss a later conversation about this?

 Hmm.  It seems that it didn't make it into Linus' tree.  Crap.

 IMO we need some kind of real tracking system for issues reported to
 security@.

 That seems to be my mbox at times :)

 But yes, having something real might be good if the load gets higher,
 right now it's so low that my sweep pending security patches task
 usually catches anything pending, which is rare.

How does one get added to the security@ alias?  We've been carrying
this patch in Fedora for a bit now.  I'd be happy to help track things
given we get distro security bug reports and such.

josh
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Linus Torvalds

On Mon, Jun 9, 2014 at 3:56 PM, Andy Lutomirski l...@amacapital.net wrote:

 In this particular case, it's my patch, and I've never sent you a pull
 request.  I sort of assumed that secur...@kernel.org magically caused
 acknowledged fixes to end up in your tree.  I'm not sure what I'm
 supposed to do here.

 Maybe the confusion is because Eric resent the patch?

So I saw the patch twice in email , but neither time did I get the
feeling that I should apply it. The first time Eric responded to it,
so the maintainer clearly knew about it and was reacting to it, so I
ignored it. The second time Eric resent it as email to various people
and lists, and I didn't react to it because I expected that was again
just for discussion.

So I'm not blaming you as much as Eric. If a maintainer expects me to
pick it up from the email (rather than his usual git pulls), I want
that maintainer to *say* so. Because otherwise, as mentioned, I expect
it to come through the maintainer tree as usual.

  Linus
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 03:55:20PM -0700, Andy Lutomirski wrote:
 On Mon, Jun 9, 2014 at 3:46 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
  On Mon, Jun 9, 2014 at 3:30 PM, Greg KH gre...@linuxfoundation.org wrote:
   On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
   From: Andy Lutomirski l...@amacapital.net
  
   Fixes an easy DoS and possible information disclosure.
  
   This does nothing about the broken state of x32 auditing.
  
   eparis: If the admin has enabled auditd and has specifically loaded 
   audit
   rules.  This bug has been around since before git.  Wow...
  
   Cc: sta...@vger.kernel.org
   Signed-off-by: Andy Lutomirski l...@amacapital.net
   Signed-off-by: Eric Paris epa...@redhat.com
   ---
kernel/auditsc.c | 27 ++-
1 file changed, 18 insertions(+), 9 deletions(-)
  
   Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
   miss a later conversation about this?
 
  Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
 
  IMO we need some kind of real tracking system for issues reported to
  security@.
 
  That seems to be my mbox at times :)
 
  But yes, having something real might be good if the load gets higher,
  right now it's so low that my sweep pending security patches task
  usually catches anything pending, which is rare.
 
 
 There are currently at least two issues that I reported that are stuck
 in limbo: this one and the (not-yet-public) vfs thing.

That was next on my list to poke people about...

 And there's the CVE-2014-0181 regression fix that almost got
 forgotten, but that isn't really a security issue.

What is that, where was that reported?

thanks,

greg k-h
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
 On Mon, Jun 9, 2014 at 6:46 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
  On Mon, Jun 9, 2014 at 3:30 PM, Greg KH gre...@linuxfoundation.org wrote:
   On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
   From: Andy Lutomirski l...@amacapital.net
  
   Fixes an easy DoS and possible information disclosure.
  
   This does nothing about the broken state of x32 auditing.
  
   eparis: If the admin has enabled auditd and has specifically loaded 
   audit
   rules.  This bug has been around since before git.  Wow...
  
   Cc: sta...@vger.kernel.org
   Signed-off-by: Andy Lutomirski l...@amacapital.net
   Signed-off-by: Eric Paris epa...@redhat.com
   ---
kernel/auditsc.c | 27 ++-
1 file changed, 18 insertions(+), 9 deletions(-)
  
   Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
   miss a later conversation about this?
 
  Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
 
  IMO we need some kind of real tracking system for issues reported to
  security@.
 
  That seems to be my mbox at times :)
 
  But yes, having something real might be good if the load gets higher,
  right now it's so low that my sweep pending security patches task
  usually catches anything pending, which is rare.
 
 How does one get added to the security@ alias?  We've been carrying
 this patch in Fedora for a bit now.  I'd be happy to help track things
 given we get distro security bug reports and such.

Just ask on the security@ alias to be added and we can take it from
there.

thanks,

greg k-h
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 5:32 PM, Greg KH gre...@linuxfoundation.org wrote:
 On Mon, Jun 09, 2014 at 03:55:20PM -0700, Andy Lutomirski wrote:
 On Mon, Jun 9, 2014 at 3:46 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
  On Mon, Jun 9, 2014 at 3:30 PM, Greg KH gre...@linuxfoundation.org 
  wrote:
   On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
   From: Andy Lutomirski l...@amacapital.net
  
   Fixes an easy DoS and possible information disclosure.
  
   This does nothing about the broken state of x32 auditing.
  
   eparis: If the admin has enabled auditd and has specifically loaded 
   audit
   rules.  This bug has been around since before git.  Wow...
  
   Cc: sta...@vger.kernel.org
   Signed-off-by: Andy Lutomirski l...@amacapital.net
   Signed-off-by: Eric Paris epa...@redhat.com
   ---
kernel/auditsc.c | 27 ++-
1 file changed, 18 insertions(+), 9 deletions(-)
  
   Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
   miss a later conversation about this?
 
  Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
 
  IMO we need some kind of real tracking system for issues reported to
  security@.
 
  That seems to be my mbox at times :)
 
  But yes, having something real might be good if the load gets higher,
  right now it's so low that my sweep pending security patches task
  usually catches anything pending, which is rare.
 

 There are currently at least two issues that I reported that are stuck
 in limbo: this one and the (not-yet-public) vfs thing.

 That was next on my list to poke people about...

 And there's the CVE-2014-0181 regression fix that almost got
 forgotten, but that isn't really a security issue.

 What is that, where was that reported?

commit 2d7a85f4b06e9c27ff629f07a524c48074f07f81
Author: Eric W. Biederman ebied...@xmission.com
Date:   Fri May 30 11:04:00 2014 -0700

netlink: Only check file credentials for implicit destinations


The security issue got fixed quickly, but the fix turned out to be problematic.

--Andy
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 05:30:19PM -0700, Andy Lutomirski wrote:
 On Mon, Jun 9, 2014 at 5:32 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Mon, Jun 09, 2014 at 03:55:20PM -0700, Andy Lutomirski wrote:
  On Mon, Jun 9, 2014 at 3:46 PM, Greg KH gre...@linuxfoundation.org wrote:
   On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
   On Mon, Jun 9, 2014 at 3:30 PM, Greg KH gre...@linuxfoundation.org 
   wrote:
On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
From: Andy Lutomirski l...@amacapital.net
   
Fixes an easy DoS and possible information disclosure.
   
This does nothing about the broken state of x32 auditing.
   
eparis: If the admin has enabled auditd and has specifically loaded 
audit
rules.  This bug has been around since before git.  Wow...
   
Cc: sta...@vger.kernel.org
Signed-off-by: Andy Lutomirski l...@amacapital.net
Signed-off-by: Eric Paris epa...@redhat.com
---
 kernel/auditsc.c | 27 ++-
 1 file changed, 18 insertions(+), 9 deletions(-)
   
Did this patch get dropped somewhere?  Isn't it a valid bugfix, or 
did I
miss a later conversation about this?
  
   Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
  
   IMO we need some kind of real tracking system for issues reported to
   security@.
  
   That seems to be my mbox at times :)
  
   But yes, having something real might be good if the load gets higher,
   right now it's so low that my sweep pending security patches task
   usually catches anything pending, which is rare.
  
 
  There are currently at least two issues that I reported that are stuck
  in limbo: this one and the (not-yet-public) vfs thing.
 
  That was next on my list to poke people about...
 
  And there's the CVE-2014-0181 regression fix that almost got
  forgotten, but that isn't really a security issue.
 
  What is that, where was that reported?
 
 commit 2d7a85f4b06e9c27ff629f07a524c48074f07f81
 Author: Eric W. Biederman ebied...@xmission.com
 Date:   Fri May 30 11:04:00 2014 -0700
 
 netlink: Only check file credentials for implicit destinations
 
 
 The security issue got fixed quickly, but the fix turned out to be 
 problematic.

Ah, thanks, I rely on Dave to send me networking stable patches, I'm
sure he's on this...
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

[cc list trimmed, security@ added]

On Mon, Jun 9, 2014 at 5:31 PM, Greg KH gre...@linuxfoundation.org wrote:
 On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
 On Mon, Jun 9, 2014 at 6:46 PM, Greg KH gre...@linuxfoundation.org wrote:
 
  But yes, having something real might be good if the load gets higher,
  right now it's so low that my sweep pending security patches task
  usually catches anything pending, which is rare.

 How does one get added to the security@ alias?  We've been carrying
 this patch in Fedora for a bit now.  I'd be happy to help track things
 given we get distro security bug reports and such.

 Just ask on the security@ alias to be added and we can take it from
 there.


Would it make sense for there to be someone on the security list who
can assign CVE numbers?

--Andy

-- 
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 05:51:37PM -0700, Andy Lutomirski wrote:
 [cc list trimmed, security@ added]
 
 On Mon, Jun 9, 2014 at 5:31 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
  On Mon, Jun 9, 2014 at 6:46 PM, Greg KH gre...@linuxfoundation.org wrote:
  
   But yes, having something real might be good if the load gets higher,
   right now it's so low that my sweep pending security patches task
   usually catches anything pending, which is rare.
 
  How does one get added to the security@ alias?  We've been carrying
  this patch in Fedora for a bit now.  I'd be happy to help track things
  given we get distro security bug reports and such.
 
  Just ask on the security@ alias to be added and we can take it from
  there.
 
 
 Would it make sense for there to be someone on the security list who
 can assign CVE numbers?

I'm pretty sure we have that already.

thanks,

greg k-h
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Andy Lutomirski

On Mon, Jun 9, 2014 at 7:57 PM, Greg KH gre...@linuxfoundation.org wrote:
 On Mon, Jun 09, 2014 at 05:51:37PM -0700, Andy Lutomirski wrote:
 [cc list trimmed, security@ added]

 On Mon, Jun 9, 2014 at 5:31 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
  On Mon, Jun 9, 2014 at 6:46 PM, Greg KH gre...@linuxfoundation.org 
  wrote:
  
   But yes, having something real might be good if the load gets higher,
   right now it's so low that my sweep pending security patches task
   usually catches anything pending, which is rare.
 
  How does one get added to the security@ alias?  We've been carrying
  this patch in Fedora for a bit now.  I'd be happy to help track things
  given we get distro security bug reports and such.
 
  Just ask on the security@ alias to be added and we can take it from
  there.
 

 Would it make sense for there to be someone on the security list who
 can assign CVE numbers?

 I'm pretty sure we have that already.

Let me rephrase the question:

Would it make sense for someone on the security list to assign CVE numbers?

--Andy
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-06-09 Thread Greg KH

On Mon, Jun 09, 2014 at 09:04:16PM -0700, Andy Lutomirski wrote:
 On Mon, Jun 9, 2014 at 7:57 PM, Greg KH gre...@linuxfoundation.org wrote:
  On Mon, Jun 09, 2014 at 05:51:37PM -0700, Andy Lutomirski wrote:
  [cc list trimmed, security@ added]
 
  On Mon, Jun 9, 2014 at 5:31 PM, Greg KH gre...@linuxfoundation.org wrote:
   On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
   On Mon, Jun 9, 2014 at 6:46 PM, Greg KH gre...@linuxfoundation.org 
   wrote:
   
But yes, having something real might be good if the load gets 
higher,
right now it's so low that my sweep pending security patches task
usually catches anything pending, which is rare.
  
   How does one get added to the security@ alias?  We've been carrying
   this patch in Fedora for a bit now.  I'd be happy to help track things
   given we get distro security bug reports and such.
  
   Just ask on the security@ alias to be added and we can take it from
   there.
  
 
  Would it make sense for there to be someone on the security list who
  can assign CVE numbers?
 
  I'm pretty sure we have that already.
 
 Let me rephrase the question:
 
 Would it make sense for someone on the security list to assign CVE numbers?

If we cared about CVE numbers, maybe :)

Seriously, there are people on the security alias that can get CVE
numbers assigned if needed, so that should not be an issue.  It's
happened in the past from what I can recall.

thanks,

greg k-h
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-05-28 Thread Eric Paris

From: Andy Lutomirski 

Fixes an easy DoS and possible information disclosure.

This does nothing about the broken state of x32 auditing.

eparis: If the admin has enabled auditd and has specifically loaded audit
rules.  This bug has been around since before git.  Wow...

Cc: sta...@vger.kernel.org
Signed-off-by: Andy Lutomirski 
Signed-off-by: Eric Paris 
---
 kernel/auditsc.c | 27 ++-
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 254ce20..842f58a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -728,6 +728,22 @@ static enum audit_state audit_filter_task(struct 
task_struct *tsk, char **key)
return AUDIT_BUILD_CONTEXT;
 }
 
+static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
+{
+   int word, bit;
+
+   if (val > 0x)
+   return false;
+
+   word = AUDIT_WORD(val);
+   if (word >= AUDIT_BITMASK_SIZE)
+   return false;
+
+   bit = AUDIT_BIT(val);
+
+   return rule->mask[word] & bit;
+}
+
 /* At syscall entry and exit time, this filter is called if the
  * audit_state is not low enough that auditing cannot take place, but is
  * also not high enough that we already know we have to write an audit
@@ -745,11 +761,8 @@ static enum audit_state audit_filter_syscall(struct 
task_struct *tsk,
 
rcu_read_lock();
if (!list_empty(list)) {
-   int word = AUDIT_WORD(ctx->major);
-   int bit  = AUDIT_BIT(ctx->major);
-
list_for_each_entry_rcu(e, list, list) {
-   if ((e->rule.mask[word] & bit) == bit &&
+   if (audit_in_mask(>rule, ctx->major) &&
audit_filter_rules(tsk, >rule, ctx, NULL,
   , false)) {
rcu_read_unlock();
@@ -769,20 +782,16 @@ static enum audit_state audit_filter_syscall(struct 
task_struct *tsk,
 static int audit_filter_inode_name(struct task_struct *tsk,
   struct audit_names *n,
   struct audit_context *ctx) {
-   int word, bit;
int h = audit_hash_ino((u32)n->ino);
struct list_head *list = _inode_hash[h];
struct audit_entry *e;
enum audit_state state;
 
-   word = AUDIT_WORD(ctx->major);
-   bit  = AUDIT_BIT(ctx->major);
-
if (list_empty(list))
return 0;
 
list_for_each_entry_rcu(e, list, list) {
-   if ((e->rule.mask[word] & bit) == bit &&
+   if (audit_in_mask(>rule, ctx->major) &&
audit_filter_rules(tsk, >rule, ctx, n, , false)) {
ctx->current_state = state;
return 1;
-- 
1.9.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-05-28 Thread Andy Lutomirski

Fixes an easy DoS and possible information disclosure.

This does nothing about the broken state of x32 auditing.

Cc: sta...@vger.kernel.org
Signed-off-by: Andy Lutomirski 
---
 kernel/auditsc.c | 27 ++-
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index f251a5e..7ccd9db 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -728,6 +728,22 @@ static enum audit_state audit_filter_task(struct 
task_struct *tsk, char **key)
return AUDIT_BUILD_CONTEXT;
 }
 
+static bool audit_in_mask(const struct audit_krule *rule, unsigned long val)
+{
+   int word, bit;
+
+   if (val > 0x)
+   return false;
+
+   word = AUDIT_WORD(val);
+   if (word >= AUDIT_BITMASK_SIZE)
+   return false;
+
+   bit = AUDIT_BIT(val);
+
+   return rule->mask[word] & bit;
+}
+
 /* At syscall entry and exit time, this filter is called if the
  * audit_state is not low enough that auditing cannot take place, but is
  * also not high enough that we already know we have to write an audit
@@ -745,11 +761,8 @@ static enum audit_state audit_filter_syscall(struct 
task_struct *tsk,
 
rcu_read_lock();
if (!list_empty(list)) {
-   int word = AUDIT_WORD(ctx->major);
-   int bit  = AUDIT_BIT(ctx->major);
-
list_for_each_entry_rcu(e, list, list) {
-   if ((e->rule.mask[word] & bit) == bit &&
+   if (audit_in_mask(>rule, ctx->major) &&
audit_filter_rules(tsk, >rule, ctx, NULL,
   , false)) {
rcu_read_unlock();
@@ -769,20 +782,16 @@ static enum audit_state audit_filter_syscall(struct 
task_struct *tsk,
 static int audit_filter_inode_name(struct task_struct *tsk,
   struct audit_names *n,
   struct audit_context *ctx) {
-   int word, bit;
int h = audit_hash_ino((u32)n->ino);
struct list_head *list = _inode_hash[h];
struct audit_entry *e;
enum audit_state state;
 
-   word = AUDIT_WORD(ctx->major);
-   bit  = AUDIT_BIT(ctx->major);
-
if (list_empty(list))
return 0;
 
list_for_each_entry_rcu(e, list, list) {
-   if ((e->rule.mask[word] & bit) == bit &&
+   if (audit_in_mask(>rule, ctx->major) &&
audit_filter_rules(tsk, >rule, ctx, n, , false)) {
ctx->current_state = state;
return 1;
-- 
1.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-05-28 Thread Andy Lutomirski

Fixes an easy DoS and possible information disclosure.

This does nothing about the broken state of x32 auditing.

Cc: sta...@vger.kernel.org
Signed-off-by: Andy Lutomirski l...@amacapital.net
---
 kernel/auditsc.c | 27 ++-
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index f251a5e..7ccd9db 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -728,6 +728,22 @@ static enum audit_state audit_filter_task(struct 
task_struct *tsk, char **key)
return AUDIT_BUILD_CONTEXT;
 }
 
+static bool audit_in_mask(const struct audit_krule *rule, unsigned long val)
+{
+   int word, bit;
+
+   if (val  0x)
+   return false;
+
+   word = AUDIT_WORD(val);
+   if (word = AUDIT_BITMASK_SIZE)
+   return false;
+
+   bit = AUDIT_BIT(val);
+
+   return rule-mask[word]  bit;
+}
+
 /* At syscall entry and exit time, this filter is called if the
  * audit_state is not low enough that auditing cannot take place, but is
  * also not high enough that we already know we have to write an audit
@@ -745,11 +761,8 @@ static enum audit_state audit_filter_syscall(struct 
task_struct *tsk,
 
rcu_read_lock();
if (!list_empty(list)) {
-   int word = AUDIT_WORD(ctx-major);
-   int bit  = AUDIT_BIT(ctx-major);
-
list_for_each_entry_rcu(e, list, list) {
-   if ((e-rule.mask[word]  bit) == bit 
+   if (audit_in_mask(e-rule, ctx-major) 
audit_filter_rules(tsk, e-rule, ctx, NULL,
   state, false)) {
rcu_read_unlock();
@@ -769,20 +782,16 @@ static enum audit_state audit_filter_syscall(struct 
task_struct *tsk,
 static int audit_filter_inode_name(struct task_struct *tsk,
   struct audit_names *n,
   struct audit_context *ctx) {
-   int word, bit;
int h = audit_hash_ino((u32)n-ino);
struct list_head *list = audit_inode_hash[h];
struct audit_entry *e;
enum audit_state state;
 
-   word = AUDIT_WORD(ctx-major);
-   bit  = AUDIT_BIT(ctx-major);
-
if (list_empty(list))
return 0;
 
list_for_each_entry_rcu(e, list, list) {
-   if ((e-rule.mask[word]  bit) == bit 
+   if (audit_in_mask(e-rule, ctx-major) 
audit_filter_rules(tsk, e-rule, ctx, n, state, false)) {
ctx-current_state = state;
return 1;
-- 
1.9.3

--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking

2014-05-28 Thread Eric Paris

From: Andy Lutomirski l...@amacapital.net

Fixes an easy DoS and possible information disclosure.

This does nothing about the broken state of x32 auditing.

eparis: If the admin has enabled auditd and has specifically loaded audit
rules.  This bug has been around since before git.  Wow...

Cc: sta...@vger.kernel.org
Signed-off-by: Andy Lutomirski l...@amacapital.net
Signed-off-by: Eric Paris epa...@redhat.com
---
 kernel/auditsc.c | 27 ++-
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 254ce20..842f58a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -728,6 +728,22 @@ static enum audit_state audit_filter_task(struct 
task_struct *tsk, char **key)
return AUDIT_BUILD_CONTEXT;
 }
 
+static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
+{
+   int word, bit;
+
+   if (val  0x)
+   return false;
+
+   word = AUDIT_WORD(val);
+   if (word = AUDIT_BITMASK_SIZE)
+   return false;
+
+   bit = AUDIT_BIT(val);
+
+   return rule-mask[word]  bit;
+}
+
 /* At syscall entry and exit time, this filter is called if the
  * audit_state is not low enough that auditing cannot take place, but is
  * also not high enough that we already know we have to write an audit
@@ -745,11 +761,8 @@ static enum audit_state audit_filter_syscall(struct 
task_struct *tsk,
 
rcu_read_lock();
if (!list_empty(list)) {
-   int word = AUDIT_WORD(ctx-major);
-   int bit  = AUDIT_BIT(ctx-major);
-
list_for_each_entry_rcu(e, list, list) {
-   if ((e-rule.mask[word]  bit) == bit 
+   if (audit_in_mask(e-rule, ctx-major) 
audit_filter_rules(tsk, e-rule, ctx, NULL,
   state, false)) {
rcu_read_unlock();
@@ -769,20 +782,16 @@ static enum audit_state audit_filter_syscall(struct 
task_struct *tsk,
 static int audit_filter_inode_name(struct task_struct *tsk,
   struct audit_names *n,
   struct audit_context *ctx) {
-   int word, bit;
int h = audit_hash_ino((u32)n-ino);
struct list_head *list = audit_inode_hash[h];
struct audit_entry *e;
enum audit_state state;
 
-   word = AUDIT_WORD(ctx-major);
-   bit  = AUDIT_BIT(ctx-major);
-
if (list_empty(list))
return 0;
 
list_for_each_entry_rcu(e, list, list) {
-   if ((e-rule.mask[word]  bit) == bit 
+   if (audit_in_mask(e-rule, ctx-major) 
audit_filter_rules(tsk, e-rule, ctx, n, state, false)) {
ctx-current_state = state;
return 1;
-- 
1.9.0

--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

42 matches

Mail list logo