subject:"\[PATCH ghak21 V2 2\/4\] audit\: link denied should not directly generate PATH record"

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Richard Guy Briggs

On 2018-03-13 02:22, kbuild test robot wrote:
> Hi Richard,
> 
> Thank you for the patch! Yet something to improve:
> 
> [auto build test ERROR on linus/master]
> [also build test ERROR on v4.16-rc5 next-20180309]
> [if your patch is applied to the wrong git tree, please drop us a note to 
> help improve the system]

My fault.  It was applied to a stale tree:
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git

A self-NACKed patch wasn't removed from the upstream tree as hoped.  A
new patch is already in the works.

> url:
> https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
> Note: the 
> linux-review/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
>  HEAD 12e8c56bcd359f7d20d4ae011674d37bc832bc4c builds fine.
>   It only hurts bisectibility.

- RGB

--
Richard Guy Briggs 
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Richard Guy Briggs

On 2018-03-13 02:22, kbuild test robot wrote:
> Hi Richard,
> 
> Thank you for the patch! Yet something to improve:
> 
> [auto build test ERROR on linus/master]
> [also build test ERROR on v4.16-rc5 next-20180309]
> [if your patch is applied to the wrong git tree, please drop us a note to 
> help improve the system]

My fault.  It was applied to a stale tree:
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git

A self-NACKed patch wasn't removed from the upstream tree as hoped.  A
new patch is already in the works.

> url:
> https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
> Note: the 
> linux-review/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
>  HEAD 12e8c56bcd359f7d20d4ae011674d37bc832bc4c builds fine.
>   It only hurts bisectibility.

- RGB

--
Richard Guy Briggs 
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread kbuild test robot

Hi Richard,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v4.16-rc5 next-20180309]
[if your patch is applied to the wrong git tree, please drop us a note to help 
improve the system]

url:
https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
config: i386-tinyconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386 

Note: the 
linux-review/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
 HEAD 12e8c56bcd359f7d20d4ae011674d37bc832bc4c builds fine.
  It only hurts bisectibility.

All errors (new ones prefixed by >>):

   fs/namei.c: In function 'may_follow_link':
>> fs/namei.c:929:2: error: too many arguments to function 
>> 'audit_log_link_denied'
 audit_log_link_denied("follow_link", >stack[0].link);
 ^
   In file included from include/linux/fsnotify.h:16:0,
from fs/namei.c:25:
   include/linux/audit.h:196:20: note: declared here
static inline void audit_log_link_denied(const char *string)
   ^

vim +/audit_log_link_denied +929 fs/namei.c

800179c9b Kees Cook 2012-07-25  886  
800179c9b Kees Cook 2012-07-25  887  /**
800179c9b Kees Cook 2012-07-25  888   * may_follow_link - Check symlink 
following for unsafe situations
55852635a Randy Dunlap  2012-08-18  889   * @nd: nameidata pathwalk data
800179c9b Kees Cook 2012-07-25  890   *
800179c9b Kees Cook 2012-07-25  891   * In the case of the 
sysctl_protected_symlinks sysctl being enabled,
800179c9b Kees Cook 2012-07-25  892   * CAP_DAC_OVERRIDE needs to be 
specifically ignored if the symlink is
800179c9b Kees Cook 2012-07-25  893   * in a sticky world-writable 
directory. This is to protect privileged
800179c9b Kees Cook 2012-07-25  894   * processes from failing races 
against path names that may change out
800179c9b Kees Cook 2012-07-25  895   * from under them by way of other 
users creating malicious symlinks.
800179c9b Kees Cook 2012-07-25  896   * It will permit symlinks to be 
followed only when outside a sticky
800179c9b Kees Cook 2012-07-25  897   * world-writable directory, or 
when the uid of the symlink and follower
800179c9b Kees Cook 2012-07-25  898   * match, or when the directory 
owner matches the symlink's owner.
800179c9b Kees Cook 2012-07-25  899   *
800179c9b Kees Cook 2012-07-25  900   * Returns 0 if following the 
symlink is allowed, -ve on error.
800179c9b Kees Cook 2012-07-25  901   */
fec2fa24e Al Viro   2015-05-06  902  static inline int 
may_follow_link(struct nameidata *nd)
800179c9b Kees Cook 2012-07-25  903  {
800179c9b Kees Cook 2012-07-25  904 const struct inode *inode;
800179c9b Kees Cook 2012-07-25  905 const struct inode *parent;
2d7f9e2ad Seth Forshee  2016-04-26  906 kuid_t puid;
800179c9b Kees Cook 2012-07-25  907  
800179c9b Kees Cook 2012-07-25  908 if (!sysctl_protected_symlinks)
800179c9b Kees Cook 2012-07-25  909 return 0;
800179c9b Kees Cook 2012-07-25  910  
800179c9b Kees Cook 2012-07-25  911 /* Allowed if owner and 
follower match. */
fceef393a Al Viro   2015-12-29  912 inode = nd->link_inode;
81abe27b1 Eric W. Biederman 2012-08-03  913 if 
(uid_eq(current_cred()->fsuid, inode->i_uid))
800179c9b Kees Cook 2012-07-25  914 return 0;
800179c9b Kees Cook 2012-07-25  915  
800179c9b Kees Cook 2012-07-25  916 /* Allowed if parent directory 
not sticky and world-writable. */
aa65fa35b Al Viro   2015-08-04  917 parent = nd->inode;
800179c9b Kees Cook 2012-07-25  918 if ((parent->i_mode & 
(S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
800179c9b Kees Cook 2012-07-25  919 return 0;
800179c9b Kees Cook 2012-07-25  920  
800179c9b Kees Cook 2012-07-25  921 /* Allowed if parent directory 
and link owner match. */
2d7f9e2ad Seth Forshee  2016-04-26  922 puid = parent->i_uid;
2d7f9e2ad Seth Forshee  2016-04-26  923 if (uid_valid(puid) && 
uid_eq(puid, inode->i_uid))
800179c9b Kees Cook 2012-07-25  924 return 0;
800179c9b Kees Cook 2012-07-25  925  
31956502d Al Viro   2015-05-07  926 if (nd->flags & LOOKUP_RCU)
31956502d Al Viro   2015-05-07  927 return -ECHILD;
31956502d Al Viro   2015-05-07  928  
1cf2665b5 Al Viro   2015-05-06 @929 
audit_log_link_denied("follow_link", >stack[0].link);
800179c9b Kees Cook 2012-07-25  930 return -EACCES;
800179c9b Kees Cook 2012-07-25  931  }
800179c9b Kees Cook 2012-07-25

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread kbuild test robot

Hi Richard,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v4.16-rc5 next-20180309]
[if your patch is applied to the wrong git tree, please drop us a note to help 
improve the system]

url:
https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
config: i386-tinyconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386 

Note: the 
linux-review/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
 HEAD 12e8c56bcd359f7d20d4ae011674d37bc832bc4c builds fine.
  It only hurts bisectibility.

All errors (new ones prefixed by >>):

   fs/namei.c: In function 'may_follow_link':
>> fs/namei.c:929:2: error: too many arguments to function 
>> 'audit_log_link_denied'
 audit_log_link_denied("follow_link", >stack[0].link);
 ^
   In file included from include/linux/fsnotify.h:16:0,
from fs/namei.c:25:
   include/linux/audit.h:196:20: note: declared here
static inline void audit_log_link_denied(const char *string)
   ^

vim +/audit_log_link_denied +929 fs/namei.c

800179c9b Kees Cook 2012-07-25  886  
800179c9b Kees Cook 2012-07-25  887  /**
800179c9b Kees Cook 2012-07-25  888   * may_follow_link - Check symlink 
following for unsafe situations
55852635a Randy Dunlap  2012-08-18  889   * @nd: nameidata pathwalk data
800179c9b Kees Cook 2012-07-25  890   *
800179c9b Kees Cook 2012-07-25  891   * In the case of the 
sysctl_protected_symlinks sysctl being enabled,
800179c9b Kees Cook 2012-07-25  892   * CAP_DAC_OVERRIDE needs to be 
specifically ignored if the symlink is
800179c9b Kees Cook 2012-07-25  893   * in a sticky world-writable 
directory. This is to protect privileged
800179c9b Kees Cook 2012-07-25  894   * processes from failing races 
against path names that may change out
800179c9b Kees Cook 2012-07-25  895   * from under them by way of other 
users creating malicious symlinks.
800179c9b Kees Cook 2012-07-25  896   * It will permit symlinks to be 
followed only when outside a sticky
800179c9b Kees Cook 2012-07-25  897   * world-writable directory, or 
when the uid of the symlink and follower
800179c9b Kees Cook 2012-07-25  898   * match, or when the directory 
owner matches the symlink's owner.
800179c9b Kees Cook 2012-07-25  899   *
800179c9b Kees Cook 2012-07-25  900   * Returns 0 if following the 
symlink is allowed, -ve on error.
800179c9b Kees Cook 2012-07-25  901   */
fec2fa24e Al Viro   2015-05-06  902  static inline int 
may_follow_link(struct nameidata *nd)
800179c9b Kees Cook 2012-07-25  903  {
800179c9b Kees Cook 2012-07-25  904 const struct inode *inode;
800179c9b Kees Cook 2012-07-25  905 const struct inode *parent;
2d7f9e2ad Seth Forshee  2016-04-26  906 kuid_t puid;
800179c9b Kees Cook 2012-07-25  907  
800179c9b Kees Cook 2012-07-25  908 if (!sysctl_protected_symlinks)
800179c9b Kees Cook 2012-07-25  909 return 0;
800179c9b Kees Cook 2012-07-25  910  
800179c9b Kees Cook 2012-07-25  911 /* Allowed if owner and 
follower match. */
fceef393a Al Viro   2015-12-29  912 inode = nd->link_inode;
81abe27b1 Eric W. Biederman 2012-08-03  913 if 
(uid_eq(current_cred()->fsuid, inode->i_uid))
800179c9b Kees Cook 2012-07-25  914 return 0;
800179c9b Kees Cook 2012-07-25  915  
800179c9b Kees Cook 2012-07-25  916 /* Allowed if parent directory 
not sticky and world-writable. */
aa65fa35b Al Viro   2015-08-04  917 parent = nd->inode;
800179c9b Kees Cook 2012-07-25  918 if ((parent->i_mode & 
(S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
800179c9b Kees Cook 2012-07-25  919 return 0;
800179c9b Kees Cook 2012-07-25  920  
800179c9b Kees Cook 2012-07-25  921 /* Allowed if parent directory 
and link owner match. */
2d7f9e2ad Seth Forshee  2016-04-26  922 puid = parent->i_uid;
2d7f9e2ad Seth Forshee  2016-04-26  923 if (uid_valid(puid) && 
uid_eq(puid, inode->i_uid))
800179c9b Kees Cook 2012-07-25  924 return 0;
800179c9b Kees Cook 2012-07-25  925  
31956502d Al Viro   2015-05-07  926 if (nd->flags & LOOKUP_RCU)
31956502d Al Viro   2015-05-07  927 return -ECHILD;
31956502d Al Viro   2015-05-07  928  
1cf2665b5 Al Viro   2015-05-06 @929 
audit_log_link_denied("follow_link", >stack[0].link);
800179c9b Kees Cook 2012-07-25  930 return -EACCES;
800179c9b Kees Cook 2012-07-25  931  }
800179c9b Kees Cook 2012-07-25

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Paul Moore

On Mon, Mar 12, 2018 at 11:30 AM, Richard Guy Briggs  wrote:
> On 2018-03-12 11:05, Paul Moore wrote:
>> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs  wrote:
>> > Audit link denied events generate duplicate PATH records which disagree
>> > in different ways from symlink and hardlink denials.
>> > audit_log_link_denied() should not directly generate PATH records.
>> > While we're at it, remove the now useless struct path argument.
>> >
>> > See: https://github.com/linux-audit/audit-kernel/issues/21
>> > Signed-off-by: Richard Guy Briggs 
>> > ---
>> >  fs/namei.c|  2 +-
>> >  include/linux/audit.h |  6 ++
>> >  kernel/audit.c| 17 ++---
>> >  3 files changed, 5 insertions(+), 20 deletions(-)
>>
>> I have no objection to the v2 change of removing the link parameter,
>> but this patch can not be merged as-is because the v1 patch has
>> already been merged into audit/next (as stated on the mailing list).
>
> Yes, I self-NACKed that patch.
>
> https://www.redhat.com/archives/linux-audit/2018-March/msg00070.html
>
> Is it not possible to drop it, or would you have to do a revert to avoid
> a rebase?

Yes, it is possible to drop a patch from the audit/next patch stack,
but dropping patches is considered *very* bad form and not something I
want to do without a Very Good Reason.  While the v2 patch is the
"right" patch, the v1 patch is not dangerous, so I would rather you
just build on top of what is currently in audit/next.

-- 
paul moore
www.paul-moore.com

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Paul Moore

On Mon, Mar 12, 2018 at 11:30 AM, Richard Guy Briggs  wrote:
> On 2018-03-12 11:05, Paul Moore wrote:
>> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs  wrote:
>> > Audit link denied events generate duplicate PATH records which disagree
>> > in different ways from symlink and hardlink denials.
>> > audit_log_link_denied() should not directly generate PATH records.
>> > While we're at it, remove the now useless struct path argument.
>> >
>> > See: https://github.com/linux-audit/audit-kernel/issues/21
>> > Signed-off-by: Richard Guy Briggs 
>> > ---
>> >  fs/namei.c|  2 +-
>> >  include/linux/audit.h |  6 ++
>> >  kernel/audit.c| 17 ++---
>> >  3 files changed, 5 insertions(+), 20 deletions(-)
>>
>> I have no objection to the v2 change of removing the link parameter,
>> but this patch can not be merged as-is because the v1 patch has
>> already been merged into audit/next (as stated on the mailing list).
>
> Yes, I self-NACKed that patch.
>
> https://www.redhat.com/archives/linux-audit/2018-March/msg00070.html
>
> Is it not possible to drop it, or would you have to do a revert to avoid
> a rebase?

Yes, it is possible to drop a patch from the audit/next patch stack,
but dropping patches is considered *very* bad form and not something I
want to do without a Very Good Reason.  While the v2 patch is the
"right" patch, the v1 patch is not dangerous, so I would rather you
just build on top of what is currently in audit/next.

-- 
paul moore
www.paul-moore.com

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Richard Guy Briggs

On 2018-03-12 11:05, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs  wrote:
> > Audit link denied events generate duplicate PATH records which disagree
> > in different ways from symlink and hardlink denials.
> > audit_log_link_denied() should not directly generate PATH records.
> > While we're at it, remove the now useless struct path argument.
> >
> > See: https://github.com/linux-audit/audit-kernel/issues/21
> > Signed-off-by: Richard Guy Briggs 
> > ---
> >  fs/namei.c|  2 +-
> >  include/linux/audit.h |  6 ++
> >  kernel/audit.c| 17 ++---
> >  3 files changed, 5 insertions(+), 20 deletions(-)
> 
> I have no objection to the v2 change of removing the link parameter,
> but this patch can not be merged as-is because the v1 patch has
> already been merged into audit/next (as stated on the mailing list).

Yes, I self-NACKed that patch.

https://www.redhat.com/archives/linux-audit/2018-March/msg00070.html

Is it not possible to drop it, or would you have to do a revert to avoid
a rebase?

> You need to respin this patch against audit/next and redo the
> subject/description to indicate that you are just removing the unused
> link parameter in this updated patch.

So the way I had it in my devel tree rather than squashing it...

> > diff --git a/fs/namei.c b/fs/namei.c
> > index 9cc91fb..50d2533 100644
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> > @@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link)
> > if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
> > return 0;
> >
> > -   audit_log_link_denied("linkat", link);
> > +   audit_log_link_denied("linkat");
> > return -EPERM;
> >  }
> >
> > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > index af410d9..75d5b03 100644
> > --- a/include/linux/audit.h
> > +++ b/include/linux/audit.h
> > @@ -146,8 +146,7 @@ extern void audit_log_d_path(struct 
> > audit_buffer *ab,
> >  const struct path *path);
> >  extern voidaudit_log_key(struct audit_buffer *ab,
> >   char *key);
> > -extern voidaudit_log_link_denied(const char *operation,
> > - const struct path *link);
> > +extern voidaudit_log_link_denied(const char *operation);
> >  extern voidaudit_log_lost(const char *message);
> >
> >  extern int audit_log_task_context(struct audit_buffer *ab);
> > @@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer 
> > *ab,
> >  { }
> >  static inline void audit_log_key(struct audit_buffer *ab, char *key)
> >  { }
> > -static inline void audit_log_link_denied(const char *string,
> > -const struct path *link)
> > +static inline void audit_log_link_denied(const char *string)
> >  { }
> >  static inline int audit_log_task_context(struct audit_buffer *ab)
> >  {
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 7026d69..e54deaf 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, 
> > struct task_struct *tsk)
> >  /**
> >   * audit_log_link_denied - report a link restriction denial
> >   * @operation: specific link operation
> > - * @link: the path that triggered the restriction
> >   */
> > -void audit_log_link_denied(const char *operation, const struct path *link)
> > +void audit_log_link_denied(const char *operation)
> >  {
> > struct audit_buffer *ab;
> > -   struct audit_names *name;
> >
> > if (!audit_enabled || audit_dummy_context())
> > return;
> >
> > -   name = kzalloc(sizeof(*name), GFP_NOFS);
> > -   if (!name)
> > -   return;
> > -
> > /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
> > ab = audit_log_start(current->audit_context, GFP_KERNEL,
> >  AUDIT_ANOM_LINK);
> > if (!ab)
> > -   goto out;
> > +   return;
> > audit_log_format(ab, "op=%s", operation);
> > audit_log_task_info(ab, current);
> > audit_log_format(ab, " res=0");
> > audit_log_end(ab);
> > -
> > -   /* Generate AUDIT_PATH record with object. */
> > -   name->type = AUDIT_TYPE_NORMAL;
> > -   audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
> > -   audit_log_name(current->audit_context, name, link, 0, NULL);
> > -out:
> > -   kfree(name);
> >  }
> >
> >  /**
> > --
> > 1.8.3.1
> >
> 
> 
> 
> -- 
> paul moore
> www.paul-moore.com
> 
> --
> Linux-audit mailing list
> linux-au...@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs 
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote,

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Richard Guy Briggs

On 2018-03-12 11:05, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs  wrote:
> > Audit link denied events generate duplicate PATH records which disagree
> > in different ways from symlink and hardlink denials.
> > audit_log_link_denied() should not directly generate PATH records.
> > While we're at it, remove the now useless struct path argument.
> >
> > See: https://github.com/linux-audit/audit-kernel/issues/21
> > Signed-off-by: Richard Guy Briggs 
> > ---
> >  fs/namei.c|  2 +-
> >  include/linux/audit.h |  6 ++
> >  kernel/audit.c| 17 ++---
> >  3 files changed, 5 insertions(+), 20 deletions(-)
> 
> I have no objection to the v2 change of removing the link parameter,
> but this patch can not be merged as-is because the v1 patch has
> already been merged into audit/next (as stated on the mailing list).

Yes, I self-NACKed that patch.

https://www.redhat.com/archives/linux-audit/2018-March/msg00070.html

Is it not possible to drop it, or would you have to do a revert to avoid
a rebase?

> You need to respin this patch against audit/next and redo the
> subject/description to indicate that you are just removing the unused
> link parameter in this updated patch.

So the way I had it in my devel tree rather than squashing it...

> > diff --git a/fs/namei.c b/fs/namei.c
> > index 9cc91fb..50d2533 100644
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> > @@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link)
> > if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
> > return 0;
> >
> > -   audit_log_link_denied("linkat", link);
> > +   audit_log_link_denied("linkat");
> > return -EPERM;
> >  }
> >
> > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > index af410d9..75d5b03 100644
> > --- a/include/linux/audit.h
> > +++ b/include/linux/audit.h
> > @@ -146,8 +146,7 @@ extern void audit_log_d_path(struct 
> > audit_buffer *ab,
> >  const struct path *path);
> >  extern voidaudit_log_key(struct audit_buffer *ab,
> >   char *key);
> > -extern voidaudit_log_link_denied(const char *operation,
> > - const struct path *link);
> > +extern voidaudit_log_link_denied(const char *operation);
> >  extern voidaudit_log_lost(const char *message);
> >
> >  extern int audit_log_task_context(struct audit_buffer *ab);
> > @@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer 
> > *ab,
> >  { }
> >  static inline void audit_log_key(struct audit_buffer *ab, char *key)
> >  { }
> > -static inline void audit_log_link_denied(const char *string,
> > -const struct path *link)
> > +static inline void audit_log_link_denied(const char *string)
> >  { }
> >  static inline int audit_log_task_context(struct audit_buffer *ab)
> >  {
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 7026d69..e54deaf 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, 
> > struct task_struct *tsk)
> >  /**
> >   * audit_log_link_denied - report a link restriction denial
> >   * @operation: specific link operation
> > - * @link: the path that triggered the restriction
> >   */
> > -void audit_log_link_denied(const char *operation, const struct path *link)
> > +void audit_log_link_denied(const char *operation)
> >  {
> > struct audit_buffer *ab;
> > -   struct audit_names *name;
> >
> > if (!audit_enabled || audit_dummy_context())
> > return;
> >
> > -   name = kzalloc(sizeof(*name), GFP_NOFS);
> > -   if (!name)
> > -   return;
> > -
> > /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
> > ab = audit_log_start(current->audit_context, GFP_KERNEL,
> >  AUDIT_ANOM_LINK);
> > if (!ab)
> > -   goto out;
> > +   return;
> > audit_log_format(ab, "op=%s", operation);
> > audit_log_task_info(ab, current);
> > audit_log_format(ab, " res=0");
> > audit_log_end(ab);
> > -
> > -   /* Generate AUDIT_PATH record with object. */
> > -   name->type = AUDIT_TYPE_NORMAL;
> > -   audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
> > -   audit_log_name(current->audit_context, name, link, 0, NULL);
> > -out:
> > -   kfree(name);
> >  }
> >
> >  /**
> > --
> > 1.8.3.1
> >
> 
> 
> 
> -- 
> paul moore
> www.paul-moore.com
> 
> --
> Linux-audit mailing list
> linux-au...@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs 
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice:

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Paul Moore

On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs  wrote:
> Audit link denied events generate duplicate PATH records which disagree
> in different ways from symlink and hardlink denials.
> audit_log_link_denied() should not directly generate PATH records.
> While we're at it, remove the now useless struct path argument.
>
> See: https://github.com/linux-audit/audit-kernel/issues/21
> Signed-off-by: Richard Guy Briggs 
> ---
>  fs/namei.c|  2 +-
>  include/linux/audit.h |  6 ++
>  kernel/audit.c| 17 ++---
>  3 files changed, 5 insertions(+), 20 deletions(-)

I have no objection to the v2 change of removing the link parameter,
but this patch can not be merged as-is because the v1 patch has
already been merged into audit/next (as stated on the mailing list).
You need to respin this patch against audit/next and redo the
subject/description to indicate that you are just removing the unused
link parameter in this updated patch.

> diff --git a/fs/namei.c b/fs/namei.c
> index 9cc91fb..50d2533 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link)
> if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
> return 0;
>
> -   audit_log_link_denied("linkat", link);
> +   audit_log_link_denied("linkat");
> return -EPERM;
>  }
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index af410d9..75d5b03 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -146,8 +146,7 @@ extern void audit_log_d_path(struct 
> audit_buffer *ab,
>  const struct path *path);
>  extern voidaudit_log_key(struct audit_buffer *ab,
>   char *key);
> -extern voidaudit_log_link_denied(const char *operation,
> - const struct path *link);
> +extern voidaudit_log_link_denied(const char *operation);
>  extern voidaudit_log_lost(const char *message);
>
>  extern int audit_log_task_context(struct audit_buffer *ab);
> @@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer 
> *ab,
>  { }
>  static inline void audit_log_key(struct audit_buffer *ab, char *key)
>  { }
> -static inline void audit_log_link_denied(const char *string,
> -const struct path *link)
> +static inline void audit_log_link_denied(const char *string)
>  { }
>  static inline int audit_log_task_context(struct audit_buffer *ab)
>  {
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 7026d69..e54deaf 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, 
> struct task_struct *tsk)
>  /**
>   * audit_log_link_denied - report a link restriction denial
>   * @operation: specific link operation
> - * @link: the path that triggered the restriction
>   */
> -void audit_log_link_denied(const char *operation, const struct path *link)
> +void audit_log_link_denied(const char *operation)
>  {
> struct audit_buffer *ab;
> -   struct audit_names *name;
>
> if (!audit_enabled || audit_dummy_context())
> return;
>
> -   name = kzalloc(sizeof(*name), GFP_NOFS);
> -   if (!name)
> -   return;
> -
> /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
> ab = audit_log_start(current->audit_context, GFP_KERNEL,
>  AUDIT_ANOM_LINK);
> if (!ab)
> -   goto out;
> +   return;
> audit_log_format(ab, "op=%s", operation);
> audit_log_task_info(ab, current);
> audit_log_format(ab, " res=0");
> audit_log_end(ab);
> -
> -   /* Generate AUDIT_PATH record with object. */
> -   name->type = AUDIT_TYPE_NORMAL;
> -   audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
> -   audit_log_name(current->audit_context, name, link, 0, NULL);
> -out:
> -   kfree(name);
>  }
>
>  /**
> --
> 1.8.3.1
>



-- 
paul moore
www.paul-moore.com

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Paul Moore

On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs  wrote:
> Audit link denied events generate duplicate PATH records which disagree
> in different ways from symlink and hardlink denials.
> audit_log_link_denied() should not directly generate PATH records.
> While we're at it, remove the now useless struct path argument.
>
> See: https://github.com/linux-audit/audit-kernel/issues/21
> Signed-off-by: Richard Guy Briggs 
> ---
>  fs/namei.c|  2 +-
>  include/linux/audit.h |  6 ++
>  kernel/audit.c| 17 ++---
>  3 files changed, 5 insertions(+), 20 deletions(-)

I have no objection to the v2 change of removing the link parameter,
but this patch can not be merged as-is because the v1 patch has
already been merged into audit/next (as stated on the mailing list).
You need to respin this patch against audit/next and redo the
subject/description to indicate that you are just removing the unused
link parameter in this updated patch.

> diff --git a/fs/namei.c b/fs/namei.c
> index 9cc91fb..50d2533 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link)
> if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
> return 0;
>
> -   audit_log_link_denied("linkat", link);
> +   audit_log_link_denied("linkat");
> return -EPERM;
>  }
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index af410d9..75d5b03 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -146,8 +146,7 @@ extern void audit_log_d_path(struct 
> audit_buffer *ab,
>  const struct path *path);
>  extern voidaudit_log_key(struct audit_buffer *ab,
>   char *key);
> -extern voidaudit_log_link_denied(const char *operation,
> - const struct path *link);
> +extern voidaudit_log_link_denied(const char *operation);
>  extern voidaudit_log_lost(const char *message);
>
>  extern int audit_log_task_context(struct audit_buffer *ab);
> @@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer 
> *ab,
>  { }
>  static inline void audit_log_key(struct audit_buffer *ab, char *key)
>  { }
> -static inline void audit_log_link_denied(const char *string,
> -const struct path *link)
> +static inline void audit_log_link_denied(const char *string)
>  { }
>  static inline int audit_log_task_context(struct audit_buffer *ab)
>  {
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 7026d69..e54deaf 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, 
> struct task_struct *tsk)
>  /**
>   * audit_log_link_denied - report a link restriction denial
>   * @operation: specific link operation
> - * @link: the path that triggered the restriction
>   */
> -void audit_log_link_denied(const char *operation, const struct path *link)
> +void audit_log_link_denied(const char *operation)
>  {
> struct audit_buffer *ab;
> -   struct audit_names *name;
>
> if (!audit_enabled || audit_dummy_context())
> return;
>
> -   name = kzalloc(sizeof(*name), GFP_NOFS);
> -   if (!name)
> -   return;
> -
> /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
> ab = audit_log_start(current->audit_context, GFP_KERNEL,
>  AUDIT_ANOM_LINK);
> if (!ab)
> -   goto out;
> +   return;
> audit_log_format(ab, "op=%s", operation);
> audit_log_task_info(ab, current);
> audit_log_format(ab, " res=0");
> audit_log_end(ab);
> -
> -   /* Generate AUDIT_PATH record with object. */
> -   name->type = AUDIT_TYPE_NORMAL;
> -   audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
> -   audit_log_name(current->audit_context, name, link, 0, NULL);
> -out:
> -   kfree(name);
>  }
>
>  /**
> --
> 1.8.3.1
>



-- 
paul moore
www.paul-moore.com

[PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Richard Guy Briggs

Audit link denied events generate duplicate PATH records which disagree
in different ways from symlink and hardlink denials.
audit_log_link_denied() should not directly generate PATH records.
While we're at it, remove the now useless struct path argument.

See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs 
---
 fs/namei.c|  2 +-
 include/linux/audit.h |  6 ++
 kernel/audit.c| 17 ++---
 3 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 9cc91fb..50d2533 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link)
if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
return 0;
 
-   audit_log_link_denied("linkat", link);
+   audit_log_link_denied("linkat");
return -EPERM;
 }
 
diff --git a/include/linux/audit.h b/include/linux/audit.h
index af410d9..75d5b03 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -146,8 +146,7 @@ extern void audit_log_d_path(struct 
audit_buffer *ab,
 const struct path *path);
 extern voidaudit_log_key(struct audit_buffer *ab,
  char *key);
-extern voidaudit_log_link_denied(const char *operation,
- const struct path *link);
+extern voidaudit_log_link_denied(const char *operation);
 extern voidaudit_log_lost(const char *message);
 
 extern int audit_log_task_context(struct audit_buffer *ab);
@@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer *ab,
 { }
 static inline void audit_log_key(struct audit_buffer *ab, char *key)
 { }
-static inline void audit_log_link_denied(const char *string,
-const struct path *link)
+static inline void audit_log_link_denied(const char *string)
 { }
 static inline int audit_log_task_context(struct audit_buffer *ab)
 {
diff --git a/kernel/audit.c b/kernel/audit.c
index 7026d69..e54deaf 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, 
struct task_struct *tsk)
 /**
  * audit_log_link_denied - report a link restriction denial
  * @operation: specific link operation
- * @link: the path that triggered the restriction
  */
-void audit_log_link_denied(const char *operation, const struct path *link)
+void audit_log_link_denied(const char *operation)
 {
struct audit_buffer *ab;
-   struct audit_names *name;
 
if (!audit_enabled || audit_dummy_context())
return;
 
-   name = kzalloc(sizeof(*name), GFP_NOFS);
-   if (!name)
-   return;
-
/* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
ab = audit_log_start(current->audit_context, GFP_KERNEL,
 AUDIT_ANOM_LINK);
if (!ab)
-   goto out;
+   return;
audit_log_format(ab, "op=%s", operation);
audit_log_task_info(ab, current);
audit_log_format(ab, " res=0");
audit_log_end(ab);
-
-   /* Generate AUDIT_PATH record with object. */
-   name->type = AUDIT_TYPE_NORMAL;
-   audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
-   audit_log_name(current->audit_context, name, link, 0, NULL);
-out:
-   kfree(name);
 }
 
 /**
-- 
1.8.3.1

[PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

2018-03-12 Thread Richard Guy Briggs

Audit link denied events generate duplicate PATH records which disagree
in different ways from symlink and hardlink denials.
audit_log_link_denied() should not directly generate PATH records.
While we're at it, remove the now useless struct path argument.

See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs 
---
 fs/namei.c|  2 +-
 include/linux/audit.h |  6 ++
 kernel/audit.c| 17 ++---
 3 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 9cc91fb..50d2533 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link)
if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
return 0;
 
-   audit_log_link_denied("linkat", link);
+   audit_log_link_denied("linkat");
return -EPERM;
 }
 
diff --git a/include/linux/audit.h b/include/linux/audit.h
index af410d9..75d5b03 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -146,8 +146,7 @@ extern void audit_log_d_path(struct 
audit_buffer *ab,
 const struct path *path);
 extern voidaudit_log_key(struct audit_buffer *ab,
  char *key);
-extern voidaudit_log_link_denied(const char *operation,
- const struct path *link);
+extern voidaudit_log_link_denied(const char *operation);
 extern voidaudit_log_lost(const char *message);
 
 extern int audit_log_task_context(struct audit_buffer *ab);
@@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer *ab,
 { }
 static inline void audit_log_key(struct audit_buffer *ab, char *key)
 { }
-static inline void audit_log_link_denied(const char *string,
-const struct path *link)
+static inline void audit_log_link_denied(const char *string)
 { }
 static inline int audit_log_task_context(struct audit_buffer *ab)
 {
diff --git a/kernel/audit.c b/kernel/audit.c
index 7026d69..e54deaf 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, 
struct task_struct *tsk)
 /**
  * audit_log_link_denied - report a link restriction denial
  * @operation: specific link operation
- * @link: the path that triggered the restriction
  */
-void audit_log_link_denied(const char *operation, const struct path *link)
+void audit_log_link_denied(const char *operation)
 {
struct audit_buffer *ab;
-   struct audit_names *name;
 
if (!audit_enabled || audit_dummy_context())
return;
 
-   name = kzalloc(sizeof(*name), GFP_NOFS);
-   if (!name)
-   return;
-
/* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
ab = audit_log_start(current->audit_context, GFP_KERNEL,
 AUDIT_ANOM_LINK);
if (!ab)
-   goto out;
+   return;
audit_log_format(ab, "op=%s", operation);
audit_log_task_info(ab, current);
audit_log_format(ab, " res=0");
audit_log_end(ab);
-
-   /* Generate AUDIT_PATH record with object. */
-   name->type = AUDIT_TYPE_NORMAL;
-   audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
-   audit_log_name(current->audit_context, name, link, 0, NULL);
-out:
-   kfree(name);
 }
 
 /**
-- 
1.8.3.1

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

[PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

[PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

12 matches

Site Navigation

Mail list logo

Footer information