[3.8.y.z extended stable] Patch "audit: printk USER_AVC messages when audit isn't enabled" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Fri Dec 6 23:08:18 UTC 2013


This is a note to let you know that I have just added a patch titled

    audit: printk USER_AVC messages when audit isn't enabled

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.14.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

From 413f7cab725f1afa8c51f638fa4d335fc64beb14 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks at canonical.com>
Date: Thu, 25 Jul 2013 18:02:55 -0700
Subject: audit: printk USER_AVC messages when audit isn't enabled

commit 0868a5e150bc4c47e7a003367cd755811eb41e0b upstream.

When the audit=1 kernel parameter is absent and auditd is not running,
AUDIT_USER_AVC messages are being silently discarded.

AUDIT_USER_AVC messages should be sent to userspace using printk(), as
mentioned in the commit message of 4a4cd633 ("AUDIT: Optimise the
audit-disabled case for discarding user messages").

When audit_enabled is 0, audit_receive_msg() discards all user messages
except for AUDIT_USER_AVC messages. However, audit_log_common_recv_msg()
refuses to allocate an audit_buffer if audit_enabled is 0. The fix is to
special case AUDIT_USER_AVC messages in both functions.

It looks like commit 50397bd1 ("[AUDIT] clean up audit_receive_msg()")
introduced this bug.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Cc: Al Viro <viro at zeniv.linux.org.uk>
Cc: Eric Paris <eparis at redhat.com>
Cc: linux-audit at redhat.com
Acked-by: Kees Cook <keescook at chromium.org>
Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
Signed-off-by: Eric Paris <eparis at redhat.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 kernel/audit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 8a667f10..1da9782 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -615,7 +615,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
 	char *ctx = NULL;
 	u32 len;

-	if (!audit_enabled) {
+	if (!audit_enabled && msg_type != AUDIT_USER_AVC) {
 		*ab = NULL;
 		return rc;
 	}
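
Review bot: The new condition "!audit_enabled && msg_type != AUDIT_USER_AVC" in audit_log_common_recv_msg() has no comment saying why this one message type is exempt from the audit-disabled early return. The commit message attributes the regression to an earlier cleanup of this path, so a one-line comment above the "if", stating that AUDIT_USER_AVC must still get an audit_buffer so it can be sent out via printk when audit is disabled, would help keep a later cleanup from dropping the exemption again. Separately, the commit message says the fix special-cases the type "in both functions", while the diffstat shows a single changed line in this function only. For the 3.8.y backport it is worth confirming that audit_receive_msg() in this tree already lets AUDIT_USER_AVC through when audit_enabled is 0; otherwise this hunk is never reached for those messages.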
--
1.8.3.2



