Add bug fixes for link security auditing
svn path=/dists/sid/linux/; revision=19441
parent
6984ee2510
commit
34412d8c86
|
@ -94,6 +94,8 @@ linux (3.2.32-1) UNRELEASED; urgency=low
|
||||||
- sched: Better debug output for might sleep
|
- sched: Better debug output for might sleep
|
||||||
- stomp_machine: Use mutex_trylock when called from inactive cpu
|
- stomp_machine: Use mutex_trylock when called from inactive cpu
|
||||||
* [x86] storvsc: Account for in-transit packets in the RESET path
|
* [x86] storvsc: Account for in-transit packets in the RESET path
|
||||||
|
* fs: handle failed audit_log_start properly
|
||||||
|
* fs: prevent use after free in auditing when symlink following was denied
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Sat, 29 Sep 2012 14:19:46 +0200
|
-- Ben Hutchings <ben@decadent.org.uk> Sat, 29 Sep 2012 14:19:46 +0200
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
From: Sasha Levin <sasha.levin@oracle.com>
|
||||||
|
Date: Thu, 4 Oct 2012 19:57:31 -0400
|
||||||
|
Subject: fs: handle failed audit_log_start properly
|
||||||
|
|
||||||
|
commit d1c7d97ad58836affde6e39980b96527510b572e upstream.
|
||||||
|
|
||||||
|
audit_log_start() may return NULL, this is unchecked by the caller in
|
||||||
|
audit_log_link_denied() and could cause a NULL ptr deref.
|
||||||
|
|
||||||
|
Introduced by commit a51d9eaa ("fs: add link restriction audit reporting").
|
||||||
|
|
||||||
|
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
|
||||||
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||||
|
---
|
||||||
|
kernel/audit.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/kernel/audit.c b/kernel/audit.c
|
||||||
|
index 4d0ceed..40414e9 100644
|
||||||
|
--- a/kernel/audit.c
|
||||||
|
+++ b/kernel/audit.c
|
||||||
|
@@ -1440,6 +1440,8 @@ void audit_log_link_denied(const char *operation, struct path *link)
|
||||||
|
|
||||||
|
ab = audit_log_start(current->audit_context, GFP_KERNEL,
|
||||||
|
AUDIT_ANOM_LINK);
|
||||||
|
+ if (!ab)
|
||||||
|
+ return;
|
||||||
|
audit_log_format(ab, "op=%s action=denied", operation);
|
||||||
|
audit_log_format(ab, " pid=%d comm=", current->pid);
|
||||||
|
audit_log_untrustedstring(ab, current->comm);
|
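Review bot: The added `if (!ab) return;` in audit_log_link_denied() drops the AUDIT_ANOM_LINK record without a trace, and nothing at the guard says that this is intended. A one-line comment above it would make the contract explicit, for example `/* audit_log_start() may return NULL; the denial is then not recorded */`. The patch description establishes only that NULL is possible, so the comment should not name a specific cause. The function starts and ends outside the hunk.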
30
debian/patches/features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch
vendored
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
From: Sasha Levin <sasha.levin@oracle.com>
|
||||||
|
Date: Thu, 4 Oct 2012 19:56:40 -0400
|
||||||
|
Subject: fs: prevent use after free in auditing when symlink following was
|
||||||
|
denied
|
||||||
|
|
||||||
|
commit ffd8d101a3a7d3f2e79deee1e342801703b6dc70 upstream.
|
||||||
|
|
||||||
|
Commit "fs: add link restriction audit reporting" has added auditing of failed
|
||||||
|
attempts to follow symlinks. Unfortunately, the auditing was being done after
|
||||||
|
the struct path structure was released earlier.
|
||||||
|
|
||||||
|
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
|
||||||
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||||
|
---
|
||||||
|
fs/namei.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
--- a/fs/namei.c
|
||||||
|
+++ b/fs/namei.c
|
||||||
|
@@ -664,9 +664,9 @@ static inline int may_follow_link(struct
|
||||||
|
if (parent->i_uid == inode->i_uid)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+ audit_log_link_denied("follow_link", link);
|
||||||
|
path_put_conditional(link, nd);
|
||||||
|
path_put(&nd->path);
|
||||||
|
- audit_log_link_denied("follow_link", link);
|
||||||
|
return -EACCES;
|
||||||
|
}
|
||||||
|
|
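Review bot: The ordering this fix depends on is not documented at the call site in may_follow_link(). `audit_log_link_denied("follow_link", link);` has to run before `path_put_conditional(link, nd);` and `path_put(&nd->path);`, because, per the patch description, the earlier placement audited a struct path that had already been released. A short comment on the moved line would keep a later cleanup from reordering it, for example `/* log before the puts below: the audit call still reads link */`. The start of the function lies outside the hunk.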
|
@ -64,6 +64,8 @@ features/all/hwmon-it87-Add-IT8728F-support.patch
|
||||||
# Add link security restrictions from 3.6
|
# Add link security restrictions from 3.6
|
||||||
features/all/fs-add-link-restrictions.patch
|
features/all/fs-add-link-restrictions.patch
|
||||||
features/all/fs-add-link-restriction-audit-reporting.patch
|
features/all/fs-add-link-restriction-audit-reporting.patch
|
||||||
|
features/all/fs-handle-failed-audit_log_start-properly.patch
|
||||||
|
features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch
|
||||||
|
|
||||||
# Update all Hyper-V drivers to 3.4-rc1 (no longer staging)
|
# Update all Hyper-V drivers to 3.4-rc1 (no longer staging)
|
||||||
features/x86/hyperv/0001-NLS-improve-UTF8-UTF16-string-conversion-routine.patch
|
features/x86/hyperv/0001-NLS-improve-UTF8-UTF16-string-conversion-routine.patch
|
||||||
|
|