[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit-ptrace patch (untested)



On Mon, 2007-03-05 at 09:50 -0500, Alexander Viro wrote:
> That one is on top of security_getprocattr() patch.  See bz#228384...
> 
<snip>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 89875b2..c8465ea 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
<snip>
> @@ -1874,6 +1887,13 @@ int audit_sockaddr(int len, void *a)
>  	return 0;
>  }
>  
> +void __audit_ptrace(struct task_struct *t)
> +{
> +	struct audit_context *context = current->audit_context;
> +	context->target_pid = t->pid;
> +	security_getprocattr(t, "current", &context->obj_ctx);
> +}

This will trigger a permission check in selinux_getprocattr, because
current != t.  So the audit system could be prevented from fetching the
context in this way based on the current task's permissions.   As with
the prior patch, I'd suggest using security_task_getsecid() and
security_secid_to_secctx() [or their selinux-specific equivalents,
selinux_get_task_sid and selinux_sid_to_string, already in use by audit]
instead for such internal access to security contexts.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]