[PATCH] IPC_SET_PERM cleanup

Dustin Kirkland dustin.kirkland at gmail.com
Mon May 8 18:29:57 UTC 2006 

On 5/5/06, Linda Knippers <linda.knippers at hp.com> wrote:
> The following patch addresses most of the issues with the IPC_SET_PERM
> records as described in:
> https://www.redhat.com/archives/linux-audit/2006-May/msg00010.html

Hi Linda-

I apologize for the delay in my response.  I'm pretty much permanently
away from Audit-related work, and just now got a chance to respond to
this.

First, let me point you to a thread wherein I explained why I made the
audit ipc changes that I did (in case you missed it the first time
around).  It starts here:
https://www.redhat.com/archives/linux-audit/2006-March/msg00088.html

That said, thanks for testing some of this out more thoroughly and
posting your findings.

> To summarize, I made the following changes:
>
> 1. Changed sys_msgctl() and semctl_down() so that an IPC_SET_PERM
>    record is emitted in the failure case as well as the success case.
>    This matches the behavior in sys_shmctl().  I could simplify the
>    code in sys_msgctl() and semctl_down() slightly but it would mean
>    that in some error cases we could get an IPC_SET_PERM record
>    without an IPC record and that seemed odd.

I think this is ok.

> 2. No change to the IPC record type, given no feedback on the backward
>    compatibility question.

I'm not one to speak authoritatively about compatibility issues... 
But I do prefer the more descriptive AUDIT_IPC_SET_PERM type, as it
more accurately explains what the record is.  Someone might complain
at some point about changing the record type, but there will be
considerably more invasive API changes elsewhere between the 2.6.5 and
the 2.6.16 kernels (and the RHEL4/RHEL5 kernels).

> 3. Removed the qbytes field from the IPC record.  It wasn't being
>    set and when audit_ipc_obj() is called from ipcperms(), the
>    information isn't available.  If we want the information in the IPC
>    record, more extensive changes will be necessary.  Since it only
>    applies to message queues and it isn't really permission related, it
>    doesn't seem worth it.

I agree with you here.  However, I resisted the urge to remove the
qbytes field when I reworked the ipc audit code as I did not know
__why__ this was being saved.  I assumed this was required by CAPP for
one reason or another.  I personally don't find it a very interesting
field to capture.  But I encourage you to review this with Klaus (or
another of the CAPP/LSPP experts).

> 4. Removed the obj field from the IPC_SET_PERM record.  This means that
>    the kern_ipc_perm argument is no longer needed.

Hmm...  This is probably ok, as long as you can __guarantee__ that an
IPC record will always closely follow an IPC_SET_PERM (and can be
associated together).  The object label is needed for LSPP.  If that
can be found in an associated record, so be it.  Looking at your
example results, it seems ok.

> 5. Replaced the spaces in the IPC_SET_PERM field names with underscores.

Thanks, that was my oversight.  There should definitely be underscores
rather than spaces.

:-Dustin

More information about the Linux-audit mailing list