[PATCH 1/2] audit: fix NUL handling in untrusted strings
Miloslav Trmač
mitr at redhat.com
Thu Sep 11 19:37:47 UTC 2008
Andrew Morton píše v Čt 11. 09. 2008 v 12:14 -0700:
> On Thu, 11 Sep 2008 00:23:38 +0200
> Miloslav Trma__ <mitr at redhat.com> wrote:
>
> > The audit record can thus contain a NUL byte (and some unchecked data
> > after that). Because the user-space audit daemon treats audit records
> > as NUL-terminated strings, an untrusted string that is shorter than the
> > specified maximum length effectively terminates the audit record.
> >
> It's unclear how serious this problem is.
* AUDIT_USER_TTY records (which are sent from user-space with a trailing
NUL byte) are missing a terminating '"' character.
* Some data is not recorded in AUDIT_TTY records, and the terminating
'"' character is missing in that case as well.
> Do you believe that it is
> sufficiently serious to warrant merging these fixes into 2.6.27?
> 2.6.26.x? 2.6.25.x?
This patch (1/2) only fixes creation of incorrectly formatted, but
easy-to-understand audit records; it would be nice to have it in 2.6.27
(assuming the audit maintainer acks it - or a variant of it). The other
one (2/2), which makes sure all TTY audit data is recorded, should
probably be merged in the stable releases as well.
Mirek
More information about the Linux-audit
mailing list