94 lines
3.2 KiB
Diff
94 lines
3.2 KiB
Diff
From: Kees Cook <keescook@chromium.org>
|
|
Date: Wed, 25 Jul 2012 17:29:08 -0700
|
|
Subject: [2/2] fs: add link restriction audit reporting
|
|
|
|
commit a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc upstream.
|
|
|
|
Adds audit messages for unexpected link restriction violations so that
|
|
system owners will have some sort of potentially actionable information
|
|
about misbehaving processes.
|
|
|
|
Signed-off-by: Kees Cook <keescook@chromium.org>
|
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
---
|
|
fs/namei.c | 2 ++
|
|
include/linux/audit.h | 4 ++++
|
|
kernel/audit.c | 21 +++++++++++++++++++++
|
|
3 files changed, 27 insertions(+)
|
|
|
|
--- a/fs/namei.c
|
|
+++ b/fs/namei.c
|
|
@@ -652,6 +652,7 @@ static inline int may_follow_link(struct
|
|
|
|
path_put_conditional(link, nd);
|
|
path_put(&nd->path);
|
|
+ audit_log_link_denied("follow_link", link);
|
|
return -EACCES;
|
|
}
|
|
|
|
@@ -720,6 +721,7 @@ static int may_linkat(struct path *link)
|
|
capable(CAP_FOWNER))
|
|
return 0;
|
|
|
|
+ audit_log_link_denied("linkat", link);
|
|
return -EPERM;
|
|
}
|
|
|
|
--- a/include/linux/audit.h
|
|
+++ b/include/linux/audit.h
|
|
@@ -130,6 +130,7 @@
|
|
#define AUDIT_LAST_KERN_ANOM_MSG 1799
|
|
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
|
|
#define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */
|
|
+#define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */
|
|
#define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */
|
|
#define AUDIT_INTEGRITY_METADATA 1801 /* Metadata integrity verification */
|
|
#define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */
|
|
@@ -687,6 +688,8 @@ extern void audit_log_d_path(struct
|
|
const struct path *path);
|
|
extern void audit_log_key(struct audit_buffer *ab,
|
|
char *key);
|
|
+extern void audit_log_link_denied(const char *operation,
|
|
+ struct path *link);
|
|
extern void audit_log_lost(const char *message);
|
|
#ifdef CONFIG_SECURITY
|
|
extern void audit_log_secctx(struct audit_buffer *ab, u32 secid);
|
|
@@ -716,6 +719,7 @@ extern int audit_enabled;
|
|
#define audit_log_untrustedstring(a,s) do { ; } while (0)
|
|
#define audit_log_d_path(b, p, d) do { ; } while (0)
|
|
#define audit_log_key(b, k) do { ; } while (0)
|
|
+#define audit_log_link_denied(o, l) do { ; } while (0)
|
|
#define audit_log_secctx(b,s) do { ; } while (0)
|
|
#define audit_enabled 0
|
|
#endif
|
|
--- a/kernel/audit.c
|
|
+++ b/kernel/audit.c
|
|
@@ -1450,6 +1450,27 @@ void audit_log_key(struct audit_buffer *
|
|
}
|
|
|
|
/**
|
|
+ * audit_log_link_denied - report a link restriction denial
|
|
+ * @operation: specific link opreation
|
|
+ * @link: the path that triggered the restriction
|
|
+ */
|
|
+void audit_log_link_denied(const char *operation, struct path *link)
|
|
+{
|
|
+ struct audit_buffer *ab;
|
|
+
|
|
+ ab = audit_log_start(current->audit_context, GFP_KERNEL,
|
|
+ AUDIT_ANOM_LINK);
|
|
+ audit_log_format(ab, "op=%s action=denied", operation);
|
|
+ audit_log_format(ab, " pid=%d comm=", current->pid);
|
|
+ audit_log_untrustedstring(ab, current->comm);
|
|
+ audit_log_d_path(ab, " path=", link);
|
|
+ audit_log_format(ab, " dev=");
|
|
+ audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id);
|
|
+ audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino);
|
|
+ audit_log_end(ab);
|
|
+}
|
|
+
|
|
+/**
|
|
* audit_log_end - end one audit record
|
|
* @ab: the audit_buffer
|
|
*
|