
Commit 9410d228 authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Eric Paris

audit: call audit_bprm() only once to add AUDIT_EXECVE information



Move the audit_bprm() call from search_binary_handler() to exec_binprm().  This
allows us to get rid of the mm member of struct audit_aux_data_execve since
bprm->mm will equal current->mm.

This also mitigates the issue that ->argc could be modified by the
load_binary() call in search_binary_handler().

audit_bprm() was being called to add an AUDIT_EXECVE record to the audit
context every time search_binary_handler() was recursively called.  Only one
reference is necessary.

Reported-by: Oleg Nesterov <onestero@redhat.com>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
---
This patch is against 3.11, but was developed on Oleg's post-3.11 patches that
introduce exec_binprm().
parent d9cfea91
+1 −4
@@ -1383,10 +1383,6 @@ int search_binary_handler(struct linux_binprm *bprm)
	if (retval)
	if (retval)
		return retval;
		return retval;


	retval = audit_bprm(bprm);
	if (retval)
		return retval;

	/* Need to fetch pid before load_binary changes it */
	/* Need to fetch pid before load_binary changes it */
	old_pid = current->pid;
	old_pid = current->pid;
	rcu_read_lock();
	rcu_read_lock();
@@ -1408,6 +1404,7 @@ int search_binary_handler(struct linux_binprm *bprm)
			bprm->recursion_depth = depth;
			bprm->recursion_depth = depth;
			if (retval >= 0) {
			if (retval >= 0) {
				if (depth == 0) {
				if (depth == 0) {
					audit_bprm(bprm);
					trace_sched_process_exec(current, old_pid, bprm);
					trace_sched_process_exec(current, old_pid, bprm);
					ptrace_event(PTRACE_EVENT_EXEC, old_vpid);
					ptrace_event(PTRACE_EVENT_EXEC, old_vpid);
				}
				}
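Review bot: The `audit_bprm(bprm)` call added under `if (depth == 0)` is now the only thing that ties the AUDIT_EXECVE record to a successful exec, and nothing at the call site says so. The same commit deletes the `context->execve.mm != current->mm` check from `audit_log_execve_info()`, so that function reads `current->mm->arg_start` unconditionally once `__audit_bprm()` has set `context->type = AUDIT_EXECVE`. If a later change moved this call ahead of a successful `load_binary()`, a failed exec would presumably be logged with the calling image's argument area and the new `argc`, which makes the audit trail misleading. I would add a comment above the call such as `/* Must stay after a successful load_binary(): audit_log_execve_info() reads current->mm without checking it */`. The body of search_binary_handler() starts and ends outside this hunk, so any other exit paths could not be checked from here.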
+3 −6
@@ -238,11 +238,10 @@ static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid
	if (unlikely(!audit_dummy_context()))
	if (unlikely(!audit_dummy_context()))
		__audit_ipc_set_perm(qbytes, uid, gid, mode);
		__audit_ipc_set_perm(qbytes, uid, gid, mode);
}
}
static inline int audit_bprm(struct linux_binprm *bprm)
static inline void audit_bprm(struct linux_binprm *bprm)
{
{
	if (unlikely(!audit_dummy_context()))
	if (unlikely(!audit_dummy_context()))
		__audit_bprm(bprm);
		__audit_bprm(bprm);
	return 0;
}
}
static inline int audit_socketcall(int nargs, unsigned long *args)
static inline int audit_socketcall(int nargs, unsigned long *args)
{
{
@@ -369,10 +368,8 @@ static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
					gid_t gid, umode_t mode)
					gid_t gid, umode_t mode)
{ }
{ }
static inline int audit_bprm(struct linux_binprm *bprm)
static inline void audit_bprm(struct linux_binprm *bprm)
{
{ }
	return 0;
}
static inline int audit_socketcall(int nargs, unsigned long *args)
static inline int audit_socketcall(int nargs, unsigned long *args)
{
{
	return 0;
	return 0;
+0 −1
@@ -199,7 +199,6 @@ struct audit_context {
		} mmap;
		} mmap;
		struct {
		struct {
			int			argc;
			int			argc;
			struct mm_struct	*mm;
		} execve;
		} execve;
	};
	};
	int fds[2];
	int fds[2];
+0 −4
@@ -1145,9 +1145,6 @@ static void audit_log_execve_info(struct audit_context *context,
	const char __user *p;
	const char __user *p;
	char *buf;
	char *buf;


	if (context->execve.mm != current->mm)
		return; /* execve failed, no additional info */

	p = (const char __user *)current->mm->arg_start;
	p = (const char __user *)current->mm->arg_start;


	audit_log_format(*ab, "argc=%d", context->execve.argc);
	audit_log_format(*ab, "argc=%d", context->execve.argc);
@@ -2144,7 +2141,6 @@ void __audit_bprm(struct linux_binprm *bprm)


	context->type = AUDIT_EXECVE;
	context->type = AUDIT_EXECVE;
	context->execve.argc = bprm->argc;
	context->execve.argc = bprm->argc;
	context->execve.mm = bprm->mm;
}
}