diff options
| author | Paul Moore <paul@paul-moore.com> | 2016-08-30 17:19:13 -0400 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-12-28 23:59:55 +0100 |
| commit | afbb356a4005006f56fd56e16b89527334c64294 (patch) | |
| tree | 6dda41c7d9825bad07cae6cac766a962128dc345 | |
| parent | 6881475d3410ba34a8fecf9fbc43bdc8caa23b55 (diff) | |
BACKPORT: audit: consistently record PIDs with task_tgid_nr()
Unfortunately we record PIDs in audit records using a variety of
methods despite the correct way being the use of task_tgid_nr().
This patch converts all of these callers, except for the case of
AUDIT_SET in audit_receive_msg() (see the comment in the code).
Reported-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Bug: 28952093
(cherry picked from commit fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108)
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Change-Id: I36508a25c957f5108299e68a3b0f627c94eb27eb
Signed-off-by: Joe Maples <joe@frap129.org>
| -rw-r--r-- | kernel/audit.c | 8 | ||||
| -rw-r--r-- | kernel/auditsc.c | 12 | ||||
| -rw-r--r-- | security/lsm_audit.c | 4 |
3 files changed, 15 insertions, 9 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 6c874e506..53e987df0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -701,6 +701,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) return err; } if (status_get->mask & AUDIT_STATUS_PID) { + /* NOTE: we are using task_tgid_vnr() below because + * the s.pid value is relative to the namespace + * of the caller; at present this doesn't matter + * much since you can really only run auditd + * from the initial pid namespace, but something + * to keep in mind if this changes */ int new_pid = status_get->pid; if (audit_enabled != AUDIT_OFF) @@ -1632,7 +1638,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) " euid=%u suid=%u fsuid=%u" " egid=%u sgid=%u fsgid=%u ses=%u tty=%s", sys_getppid(), - tsk->pid, + task_tgid_nr(tsk), from_kuid(&init_user_ns, audit_get_loginuid(tsk)), from_kuid(&init_user_ns, cred->uid), from_kgid(&init_user_ns, cred->gid), diff --git a/kernel/auditsc.c b/kernel/auditsc.c index f3286c7d5..c1532eaeb 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -469,7 +469,7 @@ static int audit_filter_rules(struct task_struct *tsk, switch (f->type) { case AUDIT_PID: - result = audit_comparator(tsk->pid, f->op, f->val); + result = audit_comparator(task_tgid_nr(tsk), f->op, f->val); break; case AUDIT_PPID: if (ctx) { @@ -2001,7 +2001,7 @@ int audit_set_loginuid(kuid_t loginuid) audit_log_format(ab, "login pid=%d uid=%u " "old auid=%u new auid=%u" " old ses=%u new ses=%u", - task->pid, + task_tgid_nr(task), from_kuid(&init_user_ns, task_uid(task)), from_kuid(&init_user_ns, task->loginuid), from_kuid(&init_user_ns, loginuid), @@ -2209,7 +2209,7 @@ void __audit_ptrace(struct task_struct *t) { struct audit_context *context = current->audit_context; - context->target_pid = t->pid; + context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); @@ -2234,7 +2234,7 @@ int __audit_signal_info(int sig, struct task_struct *t) if (audit_pid && t->tgid == audit_pid) { if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) { - audit_sig_pid = tsk->pid; + audit_sig_pid = task_tgid_nr(tsk); if (uid_valid(tsk->loginuid)) audit_sig_uid = tsk->loginuid; else @@ -2339,7 +2339,7 @@ void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old) { struct audit_context *context = current->audit_context; - context->capset.pid = pid; + context->capset.pid = task_tgid_nr(current); context->capset.cap.effective = new->cap_effective; context->capset.cap.inheritable = new->cap_effective; context->capset.cap.permitted = new->cap_permitted; @@ -2370,7 +2370,7 @@ static void audit_log_task(struct audit_buffer *ab) from_kgid(&init_user_ns, gid), sessionid); audit_log_task_context(ab); - audit_log_format(ab, " pid=%d comm=", current->pid); + audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current)); audit_log_untrustedstring(ab, current->comm); } diff --git a/security/lsm_audit.c b/security/lsm_audit.c index fe7d8636c..4f021ad69 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -222,7 +222,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, if (tsk->cred) audit_log_format(ab, " uid=%d", tsk->cred->uid); - audit_log_format(ab, " pid=%d comm=", tsk->pid); + audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current)); audit_log_untrustedstring(ab, tsk->comm); switch (a->type) { @@ -298,7 +298,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, if (tsk && tsk->pid) { if (tsk->cred) audit_log_format(ab, " uid=%d", tsk->cred->uid); - audit_log_format(ab, " pid=%d comm=", tsk->pid); + audit_log_format(ab, " pid=%d comm=", task_tgid_nr(tsk)); audit_log_untrustedstring(ab, tsk->comm); } break; |