[PATCH] selinux: log raw contexts as untrusted strings

Richard Guy Briggs rgb at redhat.com
Tue Jun 11 17:02:13 UTC 2019 

On 2019-06-11 10:07, Ondrej Mosnacek wrote:
> These strings may come from untrusted sources (e.g. file xattrs) so they
> need to be properly escaped.
> 
> Reproducer:
>     # setenforce 0
>     # touch /tmp/test
>     # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test
>     # runcon system_u:system_r:sshd_t:s0 cat /tmp/test
>     (look at the generated AVCs)
> 
> Actual result:
>     type=AVC [...] trawcon=kuřecí řízek
> 
> Expected result:
>     type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B
> 
> Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs")
> Cc: stable at vger.kernel.org # v5.1+
> Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>

Acked-by: Richard Guy Briggs <rgb at redhat.com>

> ---
>  security/selinux/avc.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 8346a4f7c5d7..a99be508f93d 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -739,14 +739,20 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
>  	rc = security_sid_to_context_inval(sad->state, sad->ssid, &scontext,
>  					   &scontext_len);
>  	if (!rc && scontext) {
> -		audit_log_format(ab, " srawcon=%s", scontext);
> +		if (scontext_len && scontext[scontext_len - 1] == '\0')
> +			scontext_len--;
> +		audit_log_format(ab, " srawcon=");
> +		audit_log_n_untrustedstring(ab, scontext, scontext_len);
>  		kfree(scontext);
>  	}
>  
>  	rc = security_sid_to_context_inval(sad->state, sad->tsid, &scontext,
>  					   &scontext_len);
>  	if (!rc && scontext) {
> -		audit_log_format(ab, " trawcon=%s", scontext);
> +		if (scontext_len && scontext[scontext_len - 1] == '\0')
> +			scontext_len--;
> +		audit_log_format(ab, " trawcon=");
> +		audit_log_n_untrustedstring(ab, scontext, scontext_len);
>  		kfree(scontext);
>  	}
>  }
> -- 
> 2.20.1
> 
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

More information about the Linux-audit mailing list