Message-Id: <1341260234-32002-3-git-send-email-keescook@chromium.org> Date: Mon, 2 Jul 2012 13:17:14 -0700 From: Kees Cook <keescook@...omium.org> To: Al Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org> Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, Eric Paris <eparis@...hat.com>, Matthew Wilcox <matthew@....cx>, Doug Ledford <dledford@...hat.com>, Joe Korty <joe.korty@...r.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Ingo Molnar <mingo@...e.hu>, David Howells <dhowells@...hat.com>, James Morris <james.l.morris@...cle.com>, linux-doc@...r.kernel.org, Dan Rosenberg <drosenberg@...curity.com>, kernel-hardening@...ts.openwall.com, Kees Cook <keescook@...omium.org> Subject: [PATCH 2/2] fs: add link restriction audit reporting Adds audit messages for unexpected link restriction violations so that system owners will have some sort of potentially actionable information about misbehaving processes. Signed-off-by: Kees Cook <keescook@...omium.org>
---
 fs/namei.c | 2 ++ include/linux/audit.h | 4 ++++ kernel/audit.c | 21 +++++++++++++++++++++ 3 files changed, 27 insertions(+), 0 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 8712c14..6167420 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -682,6 +682,7 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd)
 return 0;
 path_put(&nd->path);
+ audit_log_link_denied("follow_link", link);
 return -EACCES;
 }
@@ -750,6 +751,7 @@ static int may_linkat(struct path *link)
 capable(CAP_FOWNER))
 return 0;
+ audit_log_link_denied("linkat", link);
 return -EPERM;
 }
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 22f292a..36abf2a 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -130,6 +130,7 @@
 #define AUDIT_LAST_KERN_ANOM_MSG 1799
 #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
 #define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */
+#define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */
 #define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */
 #define AUDIT_INTEGRITY_METADATA 1801 /* Metadata integrity verification */
 #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */
@@ -687,6 +688,8 @@ extern void audit_log_d_path(struct audit_buffer *ab,
 const struct path *path);
 extern void audit_log_key(struct audit_buffer *ab, char *key);
+extern void audit_log_link_denied(const char *operation,
+ struct path *link);
 extern void audit_log_lost(const char *message);
 #ifdef CONFIG_SECURITY
 extern void audit_log_secctx(struct audit_buffer *ab, u32 secid);
@@ -716,6 +719,7 @@ extern int audit_enabled;
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
 #define audit_log_d_path(b, p, d) do { ; } while (0)
 #define audit_log_key(b, k) do { ; } while (0)
+#define audit_log_link_denied(o, l) do { ; } while (0)
 #define audit_log_secctx(b,s) do { ; } while (0)
 #define audit_enabled 0
 #endif
diff --git a/kernel/audit.c b/kernel/audit.c
index 1c7f2c6..fda8bd9 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1450,6 +1450,27 @@ void audit_log_key(struct audit_buffer *ab, char *key)
 }
 /**
+ * audit_log_link_denied - report a link restriction denial
+ * @operation: specific link opreation
+ * @link: the path that triggered the restriction
+ */
+void audit_log_link_denied(const char *operation, struct path *link)
+{
+ struct audit_buffer *ab;
+
+ ab = audit_log_start(current->audit_context, GFP_KERNEL,
+ AUDIT_ANOM_LINK);
+ audit_log_format(ab, "op=%s action=denied", operation);
+ audit_log_format(ab, " pid=%d comm=", current->pid);
+ audit_log_untrustedstring(ab, current->comm);
+ audit_log_d_path(ab, " path=", link);
+ audit_log_format(ab, " dev=");
+ audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id);
+ audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino);
+ audit_log_end(ab);
+}
+
+/**
 * audit_log_end - end one audit record
 * @ab: the audit_buffer
 *
-- 
1.7.0.4
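Review bot: `audit_log_start()` can return NULL (audit disabled, rate-limited, or buffer allocation failure), and the new `audit_log_link_denied()` hands `ab` straight to the logging helpers without checking it. Not every helper tolerates a NULL buffer — `audit_log_d_path()` in particular appears to dereference `ab` before doing anything else — so a NULL return would turn a denied link from the `fs/namei.c` callers into a kernel NULL dereference in the caller's context. Add `if (!ab) return;` immediately after the `audit_log_start()` call; this also skips the formatting work entirely when auditing is off. The kernel-doc for the new function also misspells `opreation` in the `@operation` line.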