author | Richard Guy Briggs <rgb@redhat.com> | 2014-03-15 18:42:34 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2014-09-23 16:37:56 -0400 |
commit | 9eab339b197a6903043d272295dcb716ff739b21 (patch) | |
tree | 4f8c204a04b59bc20e679f84f1d6b28f79fcce2c /kernel/auditsc.c | |
parent | f874738e8c178b19479f7b143211a1df00367988 (diff) | |
audit: get comm using lock to avoid race in string printing

When task->comm is passed directly to audit_log_untrustedstring() without
getting a copy or using the task_lock, there is a race that could happen that
would output a NULL (\0) in the output string that would effectively truncate
the rest of the report text after the comm= field in the audit, losing fields.

Use get_task_comm() to get a copy while acquiring the task_lock to prevent
this and to prevent the result from being a mixture of old and new values of
comm.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>

Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 63a74a703c97..89335723fb2a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2424,6 +2424,7 @@ static void audit_log_task(struct audit_buffer *ab) kgid_t gid; unsigned int sessionid; struct mm_struct *mm = current->mm; + char comm[sizeof(current->comm)]; auid = audit_get_loginuid(current); sessionid = audit_get_sessionid(current); @@ -2436,7 +2437,7 @@ static void audit_log_task(struct audit_buffer *ab) sessionid); audit_log_task_context(ab); audit_log_format(ab, " pid=%d comm=", task_pid_nr(current)); - audit_log_untrustedstring(ab, current->comm); + audit_log_untrustedstring(ab, get_task_comm(comm, current)); if (mm) { down_read(&mm->mmap_sem); if (mm->exe_file) |
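
Review bot: In the first hunk, `char comm[sizeof(current->comm)];` sizes the local buffer correctly, but `char comm[TASK_COMM_LEN];` would state the intent more directly, since TASK_COMM_LEN is the constant that defines the size of the comm array in task_struct. Either form gives get_task_comm() a buffer of the right size; this is a readability point only.

Review bot: In the second hunk, `get_task_comm(comm, current)` makes audit_log_task() take the task_lock (as the commit message describes), and nothing in the function says so. A one-line comment above the call noting that audit_log_task() must not be called with task_lock(current) already held would protect future callers. This view is limited to kernel/auditsc.c, so it is also worth confirming that any other place passing ->comm straight to audit_log_untrustedstring() gets the same copy-under-lock treatment, because the truncated-record problem described in the commit message applies to each of them.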