[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit-0.6.2 released


On Fri, 2005-02-11 at 15:22, Stephen Smalley wrote:
> On Fri, 2005-02-11 at 15:29, Steve Grubb wrote:
> > Sort of. It fixes the one you saw. However, the corruption Peter was chasing 
> > is probably not related. This was a userspace fix. I think there is a 
> > separate kernel side one that's been discussed in the SE Linux mail list.
> Yes, we saw corruption in the SELinux avc messages prior to any use of
> auditd at all, when everything was still being handled by klogd.
The corruption I was able to track down was in the kernel, this patch
will fix the problem, (the problem I saw was corrupted avc messages
which always started with 118 leading white spaces).  This is not a
final patch as I still need to determine what the issue is with printk. 
The "%*.*s" format specifier is not popular in the kernel, iirc it is
only used in a few routines, which include the audit and avc routines.

So yes there is a separate kernel side issue dealing with corrupted avc



--- linux/kernel/audit.c.orig	2005-02-16 13:49:28.839925080 -0500
+++ linux/kernel/audit.c	2005-02-16 13:53:24.757060224 -0500
@@ -513,8 +513,8 @@
 		if (!audit_pid) { /* No daemon */
 			int offset = ab->nlh ? NLMSG_SPACE(0) : 0;
 			int len    = skb->len - offset;
-			printk(KERN_ERR "%*.*s\n",
-			       len, len, skb->data + offset);
+			skb->data[offset + len] = '\0';
+			printk(KERN_ERR "%s\n", skb->data + offset);
 		ab->nlh = NULL;

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]