Re: Check all returns from audit_log_start
On Thu, Sep 06, 2012 at 11:47:49AM -0400, Dave Jones wrote: > > Not certain because I haven't looked at what happens with the error > > code, but I think this might not be right. auditd can be explictly > > told not to audit certain events, in which case it is normal and > > expected that ab would come back NULL > > Ugh, that's a lot messier to have to audit every function that gets > passed 'ab' to make sure it has a NULL check, but ok I'll go look at it. > > hopefully audit_log_link_denied was a one off. ok, from a quick look-over, that does seem to be the case. This still feels like a nasty trap waiting for someone to walk into again though. Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Check all returns from audit_log_start
On Thu, Sep 06, 2012 at 11:36:06AM -0400, Eric Paris wrote: > On Thu, Sep 6, 2012 at 11:08 AM, Dave Jones wrote: > > Following on from the previous patch that fixed an oops, these > > are all the other similar code patterns in the tree with the same > > checks added. I never saw these causing problems, but checking > > this everywhere seems to make more sense than every subsequent > > routine that gets passed 'ab' having to check it. > > > > Later we could remove all those same checks from audit_log_format > > and friends. For now, this just prevents similar bugs being introduced > > as the one in my previous patch. > > > > Signed-off-by: Dave Jones > > Not certain because I haven't looked at what happens with the error > code, but I think this might not be right. auditd can be explictly > told not to audit certain events, in which case it is normal and > expected that ab would come back NULL Ugh, that's a lot messier to have to audit every function that gets passed 'ab' to make sure it has a NULL check, but ok I'll go look at it. hopefully audit_log_link_denied was a one off. Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Check all returns from audit_log_start
On Thu, Sep 6, 2012 at 11:08 AM, Dave Jones wrote: > Following on from the previous patch that fixed an oops, these > are all the other similar code patterns in the tree with the same > checks added. I never saw these causing problems, but checking > this everywhere seems to make more sense than every subsequent > routine that gets passed 'ab' having to check it. > > Later we could remove all those same checks from audit_log_format > and friends. For now, this just prevents similar bugs being introduced > as the one in my previous patch. > > Signed-off-by: Dave Jones Not certain because I haven't looked at what happens with the error code, but I think this might not be right. auditd can be explictly told not to audit certain events, in which case it is normal and expected that ab would come back NULL -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/