
Re: [RFC][PATCH] (#6) filesystem auditing



* Steve Grubb (sgrubb redhat com) wrote:
> On Monday 14 March 2005 18:14, Timothy R. Chavez wrote:
> > This patch has enough changes in it to be called patch #6
> 
> I just noticed this in audit.h:
> 
> struct audit_watch {
>        int     namelen;
>        int     fklen;
> 
> Shouldn't these be pinned down to a byte size? Like __u32 or __u16? It seems 
> safer to me when you consider userspace to kernel packets and whether the 
> kernel is 64 bit and userspace 32 bit.

IIUC, they'd be 32 bit in either case, but can't hurt to be specific.

> But more interesting...what if a -1 was sent for fklen?
> 
> +       if (req->fklen) {
> +               ret = -ENOMEM;
> +               filterkey = kmalloc(req->fklen, GFP_KERNEL);
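
Review bot: at `if (req->fklen)` the only test on the user-supplied length is that it is non-zero, and the value then goes straight to kmalloc() as the size. Because fklen is declared `int` in struct audit_watch, a negative value passes this test and is converted to a very large allocation size. Reject the request with -EINVAL before allocating unless fklen lies within an explicit maximum, and declare the field as a fixed-width unsigned type so the check has a single bound to enforce.
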
> 
> Kaboom...

Luckily, your kmalloc(-1) example would fail (there's no slab that
big), but if there's no value in having the lens be signed, then make
'em unsigned.  And, of course, assume all userspace data is unsafe and
do sanity checking.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
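
The sanity checking recommended above, sketched as an added userspace example; it is not code from this thread or from the audit patch. The header layout, the two caps, the rule that namelen must be non-zero, and the function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical caps; the thread gives no real limits. */
#define WATCH_NAME_MAX 4096u
#define WATCH_FKEY_MAX 128u

/* Constructed header: fixed-width unsigned lengths, followed by namelen
 * bytes of path and fklen bytes of filter key. */
struct watch_req {
    uint32_t namelen;
    uint32_t fklen;
};

/* What a signed length becomes once it is used as an allocation size. */
size_t signed_len_as_size(int len)
{
    return (size_t)len;               /* -1 turns into SIZE_MAX */
}

/* Validate an untrusted message; returns 0 or -EINVAL. */
int validate_watch_req(const void *buf, size_t buflen, struct watch_req *out)
{
    struct watch_req hdr;
    if (buf == NULL || buflen < sizeof(hdr))
        return -EINVAL;
    memcpy(&hdr, buf, sizeof(hdr));   /* copy once, trust only the copy */
    if (hdr.namelen == 0 || hdr.namelen > WATCH_NAME_MAX)
        return -EINVAL;               /* assumption: a watch needs a path */
    if (hdr.fklen > WATCH_FKEY_MAX)   /* 0xffffffff, a sent "-1", stops here */
        return -EINVAL;
    /* Both lengths are capped, so the sum cannot wrap. */
    if (buflen - sizeof(hdr) != (size_t)hdr.namelen + hdr.fklen)
        return -EINVAL;
    *out = hdr;
    return 0;
}

int main(void)
{
    unsigned char msg[sizeof(struct watch_req) + 5] = {0}; /* constructed */
    struct watch_req hdr = { 3, (uint32_t)-1 }, out;
    memcpy(msg, &hdr, sizeof(hdr));
    printf("%zu %d\n", signed_len_as_size(-1),
           validate_watch_req(msg, sizeof(msg), &out));
    return 0;
}
```

The final comparison ties the declared lengths to the number of bytes actually received, so a header cannot claim more payload than the message carries.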

