race in audit_log_untrusted_string for task_struct::comm

[Steve Grubb]

On Saturday, March 15, 2014 07:28:46 PM Richard Guy Briggs wrote:
> I'm inclined to go get_task_comm() in all 5 locations, but if we care
> more about locking overhead, I'll switch to memcpy().
> 
> Steve, do we care about the integrity of the comm field?

In the case of interpreters, its about the only thing we know about the 
application being executed. For example, a shell script will have exe=/bin/sh, 
so comm= is our only clue.

-Steve