Re: linux-next: manual merge of the audit tree with Linus' tree

On Wed, 2014-04-16 at 14:02 +1000, Stephen Rothwell wrote: You could have avoided this by doing a fast forward merge of v3.15-rc1 instead of the v3.14 merge (since everything in your tree before that merge was also in Linus' tree by v3.15-rc1). This is a situation I've never really known the

[GIT PULL] Audit subsystem for v3.15

) AKASHI Takahiro (2): audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL audit: Add generic compat syscall support Chris Metcalf (1): AUDIT: make audit_is_compat depend on CONFIG_AUDIT_COMPAT_GENERIC Eric Paris (7): audit: include subject

Re: [GIT PULL] Audit subsystem for v3.15

to the MIPS people. I hope that you can apply it as part of the merge itself... On Thu, 2014-04-10 at 19:53 -0400, Eric Paris wrote: Linus, Please pull the audit tree for v3.15. You will have merge conflicts. I'll publish my branch merge-test where I attempted to resolve them the way you

Re: [git bisect regression 3.15-rc1] NULL ptr deref in ichx_gpio_probe

A tad more information. I did a build of-rc1 with the GPIO_ICH module built in so I could use addr2line to help you run it down. No idea if this is actually useful for you... $ addr2line --inline --exe=vmlinux 813fc4e0 /storage/kernel/ichx-rebase/drivers/gpio/gpio-ich.c:388

[PATCH for v3.14] AUDIT: Allow login in non-init namespaces

an...@tomt.net Reported-by: Adam Richter adam_richter2...@yahoo.com Signed-off-by: Eric Paris epa...@redhat.com --- kernel/audit.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel/audit.c index 3392d3e..95a20f3 100644 --- a/kernel/audit.c

Re: [PATCH] integrity: get comm using lock to avoid race in string printing

On Wed, 2014-04-02 at 14:12 -0400, Mimi Zohar wrote: On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb wrote: Hello Mimi, On Wednesday, April 02, 2014 01:39:47 PM Mimi Zohar wrote: This change is already being upstreamed as commit 73a6b44 Integrity: Pass commname via get_task_comm().

Re: [PATCH 2/3] [RFC] seccomp: give BPF x32 bit when restoring x32 filter

On Fri, 2014-07-11 at 12:11 -0400, Paul Moore wrote: On Thursday, July 10, 2014 09:06:02 PM H. Peter Anvin wrote: Incidentally: do seccomp users know that on an x86-64 system you can recevie system calls from any of the x86 architectures, regardless of how the program is invoked? (This is

Re: [PATCH 2/3] [RFC] seccomp: give BPF x32 bit when restoring x32 filter

On Fri, 2014-07-11 at 12:21 -0400, Paul Moore wrote: On Friday, July 11, 2014 12:16:47 PM Eric Paris wrote: On Fri, 2014-07-11 at 12:11 -0400, Paul Moore wrote: On Thursday, July 10, 2014 09:06:02 PM H. Peter Anvin wrote: Incidentally: do seccomp users know that on an x86-64 system you

Re: [PATCH 2/3] [RFC] seccomp: give BPF x32 bit when restoring x32 filter

On Fri, 2014-07-11 at 12:32 -0400, Paul Moore wrote: On Friday, July 11, 2014 12:23:33 PM Eric Paris wrote: On Fri, 2014-07-11 at 12:21 -0400, Paul Moore wrote: On Friday, July 11, 2014 12:16:47 PM Eric Paris wrote: On Fri, 2014-07-11 at 12:11 -0400, Paul Moore wrote: On Thursday

[PATCH] CAPABILITIES: remove undefined caps from all processes

won't get them in any other task either. Signed-off-by: Eric Paris epa...@redhat.com Cc: Andrew Vagin ava...@openvz.org Cc: Andrew G. Morgan mor...@kernel.org Cc: Serge E. Hallyn serge.hal...@canonical.com Cc: Kees Cook keesc...@chromium.org Cc: Steve Grubb sgr...@redhat.com Cc: Dan Walsh dwa

Re: [PATCH] audit: listen in all network namespaces

On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: Convert audit from only listening in init_net to use register_pernet_subsys() to dynamically manage the netlink socket list. Signed-off-by: Richard Guy Briggs r...@redhat.com ---

Re: [PATCH] audit: listen in all network namespaces

On Fri, 2013-12-20 at 10:46 +0800, Gao feng wrote: On 12/20/2013 02:40 AM, Eric Paris wrote: On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: we have to store audit_sock into auditns(auditns will be passed to kauditd_send_skb

Re: [PATCH] Security: List corruption occured during file system automation test

Do you have a backtrace? On Wed, Aug 13, 2014 at 8:30 AM, Al Viro v...@zeniv.linux.org.uk wrote: On Wed, Aug 13, 2014 at 05:04:13PM +0530, shivnanda...@samsung.com wrote: From: Shivnandan Kumar shivnanda...@samsung.com List element was freed by inode_free_security and then it uses rcu

[PATCH] CAPABILITIES: remove undefined caps from all processes

. This lets 'capsh --caps=all=eip -- -c /bin/bash' run. 4) mask out undefined bit when we read a file capability off of disk as again likely all bits are set in the xattr for forward/backward compatibility. This lets 'setcap all+pe /bin/bash; /bin/bash' run Signed-off-by: Eric

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

On Wed, 2014-07-23 at 13:46 -0700, Andy Lutomirski wrote: On 07/23/2014 12:36 PM, Eric Paris wrote: This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 plus fixing it a different way... You sent something like this a couple days ago. What changed? right when I sent

[PATCH] i386/audit: stop scribbling on the stack frame

need to do is get that now useless junk off the stack (pair of pops) and reload %eax with the original syscall so other stuff can keep going about it's business. Signed-off-by: Eric Paris epa...@redhat.com Cc: Thomas Gleixner t...@linutronix.de Cc: Ingo Molnar mi...@redhat.com Cc: H. Peter Anvin h

Re: [PATCH] i386/audit: stop scribbling on the stack frame

On Thu, 2014-10-23 at 11:39 -0700, Andy Lutomirski wrote: On 10/22/2014 09:04 PM, Eric Paris wrote: git commit b4f0d3755c5e9cc86292d5fd78261903b4f23d4a was very very dumb. It was writing over %esp/pt_regs semi-randomly on i686 with the expected system can't boot results. As noted

Re: [PATCH] i386/audit: stop scribbling on the stack frame

On Thu, 2014-10-23 at 15:30 -0400, Eric Paris wrote: On Thu, 2014-10-23 at 12:20 -0700, Andy Lutomirski wrote: On Thu, Oct 23, 2014 at 12:15 PM, Eric Paris epa...@redhat.com wrote: On Thu, 2014-10-23 at 11:39 -0700, Andy Lutomirski wrote: On 10/22/2014 09:04 PM, Eric Paris wrote: git

Re: [PATCH] i386/audit: stop scribbling on the stack frame

On Thu, 2014-10-23 at 12:20 -0700, Andy Lutomirski wrote: On Thu, Oct 23, 2014 at 12:15 PM, Eric Paris epa...@redhat.com wrote: On Thu, 2014-10-23 at 11:39 -0700, Andy Lutomirski wrote: On 10/22/2014 09:04 PM, Eric Paris wrote: git commit b4f0d3755c5e9cc86292d5fd78261903b4f23d4a was very

[GIT PULL] Audit changes for 3.18

() Burn Alting (1): audit: invalid op= values for rules Eric Paris (11): audit: drop unused struct audit_rule definition SH: define syscall_get_arch() for superh UM: implement syscall_get_arch() Alpha: define syscall_get_arch() ARCH: AUDIT: implement

Re: [PATCH V5 0/5] audit by executable name

On Mon, 2014-10-20 at 16:25 -0400, Steve Grubb wrote: On Thursday, October 02, 2014 11:06:51 PM Richard Guy Briggs wrote: This is a part of Peter Moody, my and Eric Paris' work to implement audit by executable name. Does this patch set define an AUDIT_VERSION_SOMETHING and then set

Re: [PATCH 2/2] fs: Support compiling out sendfile

On Tue, 2014-10-21 at 10:18 -0700, j...@joshtriplett.org wrote: On Tue, Oct 21, 2014 at 08:37:00AM -0700, H. Peter Anvin wrote: On 10/20/2014 02:48 PM, Pieter Smith wrote: Many embedded systems will not need this syscall, and omitting it saves space. Add a new EXPERT config option

Re: [PATCH] audit: add Paul Moore to the MAINTAINERS entry

Moore pmo...@redhat.com Acked-by: Eric Paris epa...@redhat.com --- MAINTAINERS |5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index c2066f4..86c24fd 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1689,10 +1689,11 @@ S:Supported

Re: [PATCH V5 0/5] audit by executable name

On Tue, 2014-10-21 at 17:56 -0400, Paul Moore wrote: * Change the audit_status.version field comment in include/uapi/linux/audit.h to /* audit functionality bitmap */, or similar. We can't really change the structure now, but the comment is fair game. Trying to think how to do things

Re: [RFC][PATCH] audit: log join and part events to the read-only multicast log socket

On Tue, 2014-10-21 at 17:08 -0400, Richard Guy Briggs wrote: On 14/10/21, Steve Grubb wrote: On Tuesday, October 07, 2014 03:03:14 PM Eric Paris wrote: On Tue, 2014-10-07 at 14:23 -0400, Richard Guy Briggs wrote: Log the event when a client attempts to connect to the netlink audit

Re: Regression: audit: x86: drop arch from __audit_syscall_entry() interface

That's really serious. Looking now. On Wed, 2014-10-22 at 16:08 -0200, Paulo Zanoni wrote: Hi (Cc'ing everybody mentioned in the original patch) I work for Intel, on our Linux Graphics driver - aka i915.ko - and our QA team recently reported a regression on: commit

Re: Regression: audit: x86: drop arch from __audit_syscall_entry() interface

On Wed, 2014-10-22 at 23:36 +0200, Thomas Gleixner wrote: On Wed, 22 Oct 2014, Eric Paris wrote: That's really serious. Looking now. Indeed its serious. And it's even more serious as this masterpiece of assembly wreckage was pulled in via your tree w/o having an acked-by one of the x86

Re: Regression: audit: x86: drop arch from __audit_syscall_entry() interface

On Wed, 2014-10-22 at 14:43 -0700, H. Peter Anvin wrote: On 10/22/2014 02:38 PM, Eric Paris wrote: It was sent, numerous times, to the x86 list for reviews, and lived in -next for 2 complete devel cycles without a complaint. I'm trying to get an i386 system to test a fix. But yes, it's

Re: Regression: audit: x86: drop arch from __audit_syscall_entry() interface

On Wed, 2014-10-22 at 14:43 -0700, H. Peter Anvin wrote: On 10/22/2014 02:38 PM, Eric Paris wrote: It was sent, numerous times, to the x86 list for reviews, and lived in -next for 2 complete devel cycles without a complaint. I'm trying to get an i386 system to test a fix. But yes, it's

Re: [RFC][PATCH] audit: log join and part events to the read-only multicast log socket

On Tue, 2014-10-07 at 14:23 -0400, Richard Guy Briggs wrote: Log the event when a client attempts to connect to the netlink audit multicast socket, requiring CAP_AUDIT_READ capability, binding to the AUDIT_NLGRP_READLOG group. Log the disconnect too. Sample output: time-Tue Oct 7

Re: [PATCH] i386/audit: stop scribbling on the stack frame

that now useless junk off the stack (pair of pops) and reload %eax with the original syscall so other stuff can keep going about it's business. Reported-by: Paulo Zanoni przan...@gmail.com Signed-off-by: Eric Paris epa...@redhat.com Signed-off-by: Richard Guy Briggs r...@redhat.com Cc

Re: [PATCH] i386/audit: stop scribbling on the stack frame

On Mon, 2014-10-27 at 10:02 -0700, H. Peter Anvin wrote: On 10/27/2014 06:55 AM, Eric Paris wrote: My patch was already committed to the -tip urgent branch. I believe any optimization should be based on that branch, Richard. If you are trying to wrangle every bit of speed out

Re: [PATCH] i386/audit: stop scribbling on the stack frame

On Mon, 2014-10-27 at 21:52 +0100, Thomas Gleixner wrote: On Sun, 26 Oct 2014, Richard Guy Briggs wrote: diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S index b553ed8..344b63f 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -447,15

Re: sparc: Clashing values for O_PATH and FMODE_NONOTIFY?

On Thu, 2014-11-20 at 12:12 +, David Drysdale wrote: [+linux-fsdevel, without the typo this time] On Wed, Nov 19, 2014 at 8:30 PM, David Miller da...@davemloft.net wrote: From: David Drysdale drysd...@google.com Date: Tue, 18 Nov 2014 13:13:51 + Hi folks, It looks like the

Re: linux-next: New build failures in Sep 25 tree

On Fri, 2014-09-26 at 06:32 -0700, Guenter Roeck wrote: On 09/26/2014 12:59 AM, Stefan Kristiansson wrote: On Fri, Sep 26, 2014 at 08:30:57AM +0200, Geert Uytterhoeven wrote: Hi Günther, [cc openrisc] On Thu, Sep 25, 2014 at 10:25 PM, Guenter Roeck li...@roeck-us.net wrote: New

Re: [PATCH v2] next: openrisc: Fix build

/openrisc/include/asm/syscall.h: In function 'syscall_get_arch': ./arch/openrisc/include/asm/syscall.h:77:9: error: 'EM_OPENRISC' undeclared Fix by moving EM_OPENRISC to include/uapi/linux/elf-em.h. Fixes: ce5d112827e5 (ARCH: AUDIT: implement syscall_get_arch for all arches) Cc: Eric Paris epa

Re: fanotify bug on gdb -- hard crash

Why are you setting FAN_OPEN_PERM and then not responding to perm requests? Of course the system is going to appear locked, until you start responding to open events, remove that mark, or close the fanotify fd... -Eric On Fri, 2014-12-26 at 19:40 +0100, Heinrich Schuchardt wrote: Hello Ivo,

Re: fanotify bug on gdb -- hard crash

Finance Review, http://www.critical-finance-review.org/ On Mon, Dec 29, 2014 at 7:13 AM, Eric Paris epa...@redhat.com wrote: Why are you setting FAN_OPEN_PERM and then not responding to perm requests? Of course the system is going to appear locked, until

Re: fanotify bug on gdb -- hard crash

On Mon, 2014-12-29 at 13:06 +0800, ivo welch wrote: thank you, eric. will do. I read up on it above and now understand it better. Great let us know if it keeps giving you trouble! the example in the man page seems somewhat misfortunate. I would use an example that does not, by default,

Re: linux-next 20141216 BUG: sleeping function called from invalid context at mm/slab.c:2849

On Thu, 2014-12-18 at 11:45 -0500, valdis.kletni...@vt.edu wrote: On Tue, 16 Dec 2014 20:09:54 -0500, Valdis Kletnieks said: Spotted these two while booting single-user on 20141216. 20141208 doesn't throw these, so it's something in the last week or so.. Gaah! Turns out that 20141208

Re: linux-next 20141216 BUG: sleeping function called from invalid context at mm/slab.c:2849

On Thu, 2014-12-18 at 12:46 -0500, Richard Guy Briggs wrote: On 14/12/18, Eric Paris wrote: On Thu, 2014-12-18 at 11:45 -0500, valdis.kletni...@vt.edu wrote: On Tue, 16 Dec 2014 20:09:54 -0500, Valdis Kletnieks said: Spotted these two while booting single-user on 20141216. 20141208

Re: linux-next 20141216 BUG: sleeping function called from invalid context at mm/slab.c:2849

On Thu, 2014-12-18 at 13:44 -0500, Richard Guy Briggs wrote: On 14/12/18, Eric Paris wrote: On Thu, 2014-12-18 at 12:46 -0500, Richard Guy Briggs wrote: On 14/12/18, Eric Paris wrote: On Thu, 2014-12-18 at 11:45 -0500, valdis.kletni...@vt.edu wrote: On Tue, 16 Dec 2014 20:09:54

Re: linux-next 20141216 BUG: sleeping function called from invalid context at mm/slab.c:2849

I haven't looked into it, but I'd place my first bet on the audit multicast code... Richard? On Tue, 2014-12-16 at 20:09 -0500, Valdis Kletnieks wrote: Not sure who's to blame here, but I'm tending towards selinux based on who was holding the locks... Spotted these two while booting

Re: [PATCH 2/7] audit: cull redundancy in audit_rule_change

On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote: Re-factor audit_rule_change() to reduce the amount of code redundancy and simplify the logic. Signed-off-by: Richard Guy Briggs r...@redhat.com --- kernel/auditfilter.c | 20 +++- 1 files changed, 7

Re: [PATCH 3/7] audit: eliminate string copy for new tree rules

On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote: New tree rules copy the path twice and discard the intermediary copy. This saves one pointer at the expense of one path string copy. Signed-off-by: Richard Guy Briggs r...@redhat.com --- kernel/audit_tree.c |9 +

Re: [PATCH 4/7] audit: optimize add to parent skipping needless search and consuming parent ref

On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote: When parent has just been created there is no need to search for the parent in the list. Add a parameter to skip the search Since the parent was just allocated, and thus has an empty list, this search is just as fast as the check

Re: [PATCH 5/7] audit: remove redundant watch refcount

Having a hard time convincing myself of the next 2... Doesn't mean they're wrong or bad, but my brain isn't seeing it today... On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote: Remove extra layer of audit_{get,put}_watch() calls. Signed-off-by: Richard Guy Briggs r...@redhat.com

Re: [PATCH] audit_tree: keep inode pinned

[adding paul and richard] On Tue, 2014-11-04 at 11:27 +0100, Miklos Szeredi wrote: From: Miklos Szeredi mszer...@suse.cz Audit rules disappear when an inode they watch is evicted from the cache. This is likely not what we want. The guilty commit is fsnotify: allow marks to not pin inodes

Re: [PATCH] Selinux/hooks.c: Fix a NULL pointer dereference caused by semop()

What kernel version was this? Didn't we have this problem and solve it upstream some time ago? IPC could be allocated with a valid security context, the ipc would be freed. the isec was free'd syncronously, but then the ipc could stick around until some rcu period or some usage flag got to 0,

Re: [RFCv2][PATCH 1/7] fs: optimize inotify/fsnotify code for unwatched files

-foundation.org Cc: Jan Kara j...@suse.cz Cc: Al Viro v...@zeniv.linux.org.uk Cc: Eric Paris epa...@redhat.com Cc: John McCutchan j...@johnmccutchan.com Cc: Robert Love rl...@rlove.org Cc: Tim Chen tim.c.c...@linux.intel.com Cc: Andi Kleen a...@linux.intel.com Cc: linux-kernel@vger.kernel.org --- b

Re: [PATCH v2] selinux: reduce locking overhead in inode_free_security()

On Fri, 2015-06-12 at 08:31 -0400, Stephen Smalley wrote: On 06/12/2015 02:26 AM, Raghavendra K T wrote: On 06/12/2015 03:01 AM, Waiman Long wrote: The inode_free_security() function just took the superblock's isec_lock before checking and trying to remove the inode security struct

Re: [PATCH v2] selinux: reduce locking overhead in inode_free_security()

On Sat, 2015-06-13 at 10:35 +0300, Yury wrote: On 13.06.2015 01:35, Waiman Long wrote: On 06/12/2015 08:31 AM, Stephen Smalley wrote: On 06/12/2015 02:26 AM, Raghavendra K T wrote: On 06/12/2015 03:01 AM, Waiman Long wrote: The inode_free_security() function just took the

Re: [PATCH V6 4/4] audit: avoid double copying the audit_exe path string

I have to admit, I'm partial to not merging this (with the other patches). Changing object lifetimes in what i seem to remember is long standing code (auditfilter, not auditexe) seems to me like something we really would want to be git bisectable, not mushed with an unrelated feature addition.

Re: Linux Firmware Signing

On Mon, 2015-08-31 at 22:52 -0400, Paul Moore wrote: > On Fri, Aug 28, 2015 at 10:03 PM, Luis R. Rodriguez > wrote: > > On Fri, Aug 28, 2015 at 06:26:05PM -0400, Paul Moore wrote: > > > On Fri, Aug 28, 2015 at 7:20 AM, Roberts, William C > > > wrote:

Re: [PATCH V1] audit: add warning that an old auditd may be starved out by a new auditd

This is already going to be in the audit log, right? We're going to send a CONFIG_CHANGE record with old_pid == the existing auditd. I bet it gets delivered to the old auditd. But why is this a printk(KERN_WARN) ? On Mon, 2015-09-07 at 12:48 -0400, Richard Guy Briggs wrote: > Nothing prevents a

Re: [PATCH] inotify: actually check for invalid bits in sys_inotify_add_watch()

Looks fine to me. And usually akpm picks them up these days. On Wed, 2015-09-09 at 14:59 -0700, Dave Hansen wrote: > On 06/30/2015 10:36 AM, Dave Hansen wrote: > > From: Dave Hansen > > > > The comment here says that it is checking for invalid bits. But, > > the

Re: [PATCH] inotify: hide internal kernel bits from fdinfo

Acked-by: Eric Paris <epa...@redhat.com> On Mon, 2015-09-21 at 11:45 -0700, Dave Hansen wrote: > From: Dave Hansen <dave.han...@linux.intel.com> > > There was a report that my patch: > > inotify: actually check for invalid bits in > sys_inotify_add_watch() &g

Re: [PATCH] audit: Don't spam logs with SECCOMP_KILL/RET_ERRNO by default

ays reaches a SECCOMP_KILL or more likely > > SECCOMP_RET_ERRNO in the rule set. > > > > The seccomp auditing was originally added by Eric with > > > > commit 85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31 > > Author: Eric Paris <epa...@redhat.com> > > Dat

Re: [PATCH] Honor mmap_min_addr with the actual minimum

On Wed, 2016-05-11 at 14:54 +0200, Hector Marco-Gisbert wrote: > > El 21/04/16 a las 00:12, Kees Cook escribió: > > On Tue, Apr 19, 2016 at 11:55 AM, Hector Marco-Gisbert > v.es> wrote: > > > > On Wed, Apr 6, 2016 at 12:07 PM, Hector Marco-Gisbert > > > @upv.es> wrote: > > > > >

Re: [PATCH 00/46] SELinux: Fine-tuning for several function implementations

All of the patches look good to me except most of those which change the handling of `rc=`. I have a personal style preference for rc = -ENOMEM; val = kalloc(); if (!val) goto err; vs val = kalloc(); if (!val) { rc = -ENOMEM; goto err; } because it saves 1 line and I think the compiler

Re: [PATCH 4/4] kernel:audit.c fixed a coding style issue

On Tue, 2017-02-28 at 21:49 +, Joan Jani wrote: > This patch fixes the following checkpath.pl warning >  WARNING: Block comments use a trailing */ on a separate line > > like > > kernel/audit.c:135: WARNING: Block comments use a trailing */ on a > separate line > kernel/audit.c:170: WARNING:

Re: [PATCH V2] audit: log 32-bit socketcalls

On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote: > 32-bit socketcalls were not being logged by audit on x86_64 systems. > Log them.  This is basically a duplicate of the call from > net/socket.c:sys_socketcall(), but it addresses the impedance > mismatch > between 32-bit userspace

Re: [PATCH V2] audit: log 32-bit socketcalls

On Fri, 2017-01-13 at 10:06 -0500, Richard Guy Briggs wrote: > On 2017-01-13 09:42, Eric Paris wrote: > > On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote: > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > > index 9d4443f..43d8003 10064

Re: RFC(v2): Audit Kernel Container IDs

On Sat, 2017-12-09 at 10:28 -0800, Casey Schaufler wrote: > On 12/9/2017 2:20 AM, Micka�l Sala�n wrote: > > What about automatically create > > and assign an ID to a process when it enters a namespace different > > than > > one of its parent process? This delegates the (permission) > >

Re: [PATCH] audit: return on memory error to avoid null pointer dereference

I think if we went back and looked at history we'd see that all of the code originally had none of the if(!ab) checks after allocation and they just sorta slowly crept in over time. I prefer this pattern, but it used to be the opposite everywhere. On Wed, 2018-02-21 at 19:02 -0500, Paul Moore

[RFC] make reading /proc/sys/kernel/cap-bould not require CAP_SYS_MODULE

Reading /proc/sys/kernel/cap-bound requires CAP_SYS_MODULE. (see proc_dointvec_bset in kernel/sysctl.c) sysctl appears to drive all over proc reading everything it can get it's hands on and is complaining when it is being denied access to read cap-bound. Clearly writing to cap-bound should be a

[PATCH] hfs: correct return value in hfs_fill_super()

and the s_root in the superblock struct is still 0 (since it was initialized that way). Later when SELinux actually tries to use the super block s_root we panic since we are trying to deference a null pointer. Signed-off-by: Eric Paris <[EMAIL PROTECTED]> fs/hfs/super.c |1 + 1 files c

Re: [PATCH] hfs: correct return value in hfs_fill_super()

On Thu, 2006-11-16 at 17:18 -0500, Eric Paris wrote: > When an invalid hfs filesystem image is mounted it may cause a number of > different oops. One filesystem image which triggers this problem can be > found at: > Whoops, appears to be the same as the post from Eric Sandee

[PATCH] xfrm_policy delete security check misplaced

the initialization would cause err to be ENOENT. But since err has since been used above when we don't get a policy back from the xfrm_policy_by* function we would always return 0 instead of the intended ENOENT. Also fixed some white space damage in the same area. Signed-off-by: Eric Paris <[EMAIL PROTEC

[PATCH] Add xfrm policy change auditing to pfkey_spdget

pfkey_spdget neither had an LSM security hook nor auditing for the removal of xfrm_policy structs. The security hook was added when it was moved into xfrm_policy_byid instead of the callers to that function by my earlier patch and this patch adds the auditing hooks as well. Signed-off-by: Eric

[PATCH] xfrm audit hook misplaced in pfkey_delete and xfrm_del_sa

(and successes) will actually get audited. Signed-off-by: Eric Paris <[EMAIL PROTECTED]> net/key/af_key.c |5 ++--- net/xfrm/xfrm_user.c |5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/net/key/af_key.c b/net/key/af_key.c index 1c58204..d8fc88c 100644 --- a/net/key/af

RE: [PATCH] xfrm_policy delete security check misplaced

On Mon, 2007-03-05 at 11:39 -0500, James Morris wrote: > On Mon, 5 Mar 2007, Venkat Yekkirala wrote: > > > > > > > Signed-off-by: Eric Paris <[EMAIL PROTECTED]> > > Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]> > > What about your previous c

Re: [PATCH] Add xfrm policy change auditing to pfkey_spdget

On Wed, 2007-03-07 at 16:07 -0800, David Miller wrote: > From: David Miller <[EMAIL PROTECTED]> > Date: Wed, 07 Mar 2007 15:43:16 -0800 (PST) > > > From: Eric Paris <[EMAIL PROTECTED]> > > Date: Fri, 02 Mar 2007 13:51:24 -0500 > > > > > pfkey_spdg

[PATCH] Protection for exploiting null dereference using mmap

t possible for us to move some of the other memory protect permissions out of 'process' and into the new class next time we bump the policy version number (which I also think is a good future idea) -Eric Signed-off-by: Eric Paris <[EMAIL PROTECTED]> --- Documentation/sysctl/kernel.txt

Re: [PATCH] Protection for exploiting null dereference using mmap

On Tue, 2007-06-05 at 17:16 -0400, Alan Cox wrote: > On Tue, Jun 05, 2007 at 05:00:51PM -0400, James Morris wrote: > > This should be an unsigned long. > > > > I wonder if the default should be for this value to be zero (i.e. preserve > > existing behavior). It could break binaries, albeit

Re: [PATCH] Protection for exploiting null dereference using mmap

ould break binaries, albeit potentially insecure > > Agreed - DOSemu type apps and lrmi need to map at zero for vm86 And so it shall be! Signed-off-by: Eric Paris <[EMAIL PROTECTED]> --- Documentation/sysctl/kernel.txt | 14 ++ include/linux/se

Re: [PATCH 1/7] ICH Force HPET: Make generic time capable of switching broadcast timer

On Thu, 2007-06-28 at 01:27 -0700, Andrew Morton wrote: > On Thu, 28 Jun 2007 00:12:21 -0700 Andrew Morton <[EMAIL PROTECTED]> wrote: > > > I can't start the X server any more, but that's probably unrelated ;) > > > > > me hopelessly outnumbered> > > And the winner of the

[PATCH] SELinux: make mmap hint addresses greater than mmap_min_addr

The new protection to keep users from writing to the first couple of pages of virtual memory also is stopping mmap operations which are only giving a hint address greater than 0 but less than mmap_min_addr. This patch should take the address given to mmap and move it up to mmap_min_addr thus

Re: [PATCH 1/2] selinux: don't enable minimum mmap checking by default

rmissions which are not present in the user's policy. > > Signed-off-by: James Morris <[EMAIL PROTECTED]> Acked-by: Eric Paris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Mor

[PATCH 2/3] mmap: round mmap hint address above mmap_min_addr

no matter what. So we should not both compiling in this rounding if it is just a waste of time. Signed-off-by: Eric Paris <[EMAIL PROTECTED]> --- mm/mmap.c | 10 ++ mm/nommu.c | 10 ++ 2 files changed, 20 insertions(+), 0 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c

[PATCH 3/3] security: allow capable check to permit mmap or low vm space

that any process with this capability can harm the system a lot more easily than writing some stuff on the zero page and then trying to get the kernel to trip over itself. It also means that programs like X on i686 which use vm86 emulation can work even with mmap_min_addr set. Signed-off-by: Eric Paris

[PATCH 1/3] mmap: protect from stack expantion into low vm addresses

against this missed code path. Signed-off-by: Eric Paris <[EMAIL PROTECTED]> --- ** Be very careful applying/rediffing this patch. Standard 3 lines of context from git diff will misapply the first hunk to expand_upwards instead of properly in expand_downwards. This patch was generated usin

Re: [PATCH 2/3] mmap: round mmap hint address above mmap_min_addr

On Sat, 2007-11-17 at 08:42 +1100, James Morris wrote: > On Fri, 16 Nov 2007, Eric Paris wrote: > > > +#ifdef CONFIG_SECURITY > > + /* > > +* If a hint addr is less than mmap_min_addr change addr to be as > > +* low as possible but st

Re: [PATCH 3/3] security: allow capable check to permit mmap or low vm space

On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote: > On Fri, 16 Nov 2007, Eric Paris wrote: > > > On a kernel with CONFIG_SECURITY but without an LSM which implements > > security_file_mmap it is impossible for an application to mmap addresses > > lower than mmap

Re: [PATCH 3/3] security: allow capable check to permit mmap or low vm space

On Sat, 2007-11-17 at 08:58 +1100, James Morris wrote: > On Fri, 16 Nov 2007, Eric Paris wrote: > > > On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote: > > > On Fri, 16 Nov 2007, Eric Paris wrote: > > > > > > > On a kernel with CONFIG_SE

Re: [PATCH 3/3] security: allow capable check to permit mmap or low vm space

On Sat, 2007-11-17 at 09:12 +1100, James Morris wrote: > On Fri, 16 Nov 2007, Eric Paris wrote: > > > When this protection was originally concieved it intentionally was > > offing something even without an more 'full featured' LSM. That was the > > whole reason I h

[PATCH 2/3] Audit: break a large single execve argument into smaller records

argument which could pretty easily oom. a single argument larger than MAX_EXECVE_AUDIT_LEN is broken into multiple records and have a format like a10[0] a10[1] a10[2] etc. Signed-off-by: Eric Paris <[EMAIL PROTECTED]> --- example audit log (about 50k long) for the

[PATCH 1/3] Audit: break up execve argument lists into multiple records

Break the auditing of a list of execve arguments into smaller records if there are a too many. The limit is currently around 7.5k of arguments as userspace has an 8k buffer limit and will drop messages which are longer. Signed-off-by: Eric Paris <[EMAIL PROTEC

[PATCH 3/3] Audit: remove the limit on execve arguments when audit is running

Remove the limitation on argv size. The audit system now logs arguments in smaller chunks (currently about 8k due to userspace audit system buffer sizes) so this is no longer a requirement. Signed-off-by: Eric Paris <[EMAIL PROTECTED]> Acked-by: Peter Zijlstra <[EMAIL

Re: [PATCH 2/2] Version 11 (2.6.24-rc2) Smack: Simplified Mandatory Access Control Kernel

[snip from fs/super.c:vfs_kern_mount() just for reference] if (data) { secdata = alloc_secdata(); if (!secdata) goto out_mnt; error = security_sb_copy_data(type, data, secdata); if (error)

Re: [PATCH 3/4] powerpc: Optimise 64bit syscall auditing entry path

Patches 1 and 2 I applied for 3.10, but I'd really like to have someone who knows PPC ack 3 and 4. Especially if there is a hope that it goes through my tree... Link to original messages for your ease of review... http://marc.info/?l=linux-kernel=135768892320439=2

Re: [PATCH -next] audit: remove duplicated include from audit.c

net/netlink.h includes linux/netlink.h but linux/netlink.h does not include net/netlink.h since the audit code uses the nlmsg_* functions provided in net/netlink.h it seems we need this include. since the audit code uses netlink_unicast provided in linux/netlink.h it seems we need that

Re: [PATCH] kernel: audit: beautify code, for extern function, better to check its parameters by itself

- Original Message - > > __audit_socketcall is an extern function. > better to check its parameters by itself. > > also can return error code, when fail (find invalid parameters). > also use macro instead of real hard code number > also give related comments for it. > >

Re: [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs

We only allow one filter key per rule. So we should never be able to get into this situation. See audit_data_to_entry() -Eric - Original Message - > > in the 'fcount' looping, > if 'new->fields[*].type" has 2 or more AUDIT_FILTERKEYs > need judge new->filterkey whether has

Re: [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs

- Original Message - > > > in another function: audit_data_to_entry: > > a. has the same issue for case AUDIT_WATCH. You are saying if there were 2 of them it will leak the old one? No. If you have 2 AUDIT_WATCH entries the first one will set entry->rule->watch and the second

Re: [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs

- Original Message - > b. has an new issue for AUDIT_DIR: >after AUDIT_DIR succeed, it will set rule->tree. >next, the other case fail, then will call audit_free_rule. >but audit_free_rule will not free rule->tree. Definitely a couple of leaks here... I'm

Re: [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs

- Original Message - > > also for function audit_list: > when call audit_make_reply fails (will return NULL). > we need free all its related variables instead of only kfree rull. > (such as call autit_free_rule) > > please help check, thanks. audit_free_rule() takes a

Re: [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs

- Original Message - > > also for function audit_list_rules: > when call audit_make_reply fails (will return NULL). > we also need process data->buf, not only data itself. > > please help check, thanks. struct audit_rule_data { [...] charbuf[0]; /* string

Re: [Part1 PATCH 00/22] Add namespace support for audit

On Thu, 2013-06-20 at 11:02 +0800, Gao feng wrote: > On 06/20/2013 04:51 AM, Eric Paris wrote: > > On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote: > >> On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote: > >>> This patchset is first part

Re: [libseccomp-discuss] ARM audit, seccomp, etc are broken wrt OABI syscalls

On Tue, 2013-11-05 at 14:36 -0800, Andy Lutomirski wrote: > [cc: some ARM people] > > After a bit of an adventure, I got QEMU working. (Linux 3.12's smc91x > driver and qemu 1.6 don't get along. It would be great if some > kernel.org page described a standard way to boot a modern Linux image >

<    1   2   3   4   5   6   >