Received: by 10.223.185.116 with SMTP id b49csp240987wrg; Thu, 8 Mar 2018 16:35:28 -0800 (PST) X-Google-Smtp-Source: AG47ELutL7eA19DAuUQbUaFnR6j8uR2zq1xwDrz5ghvZYPcF3NMREebjfagmEGTK+v85sySPLyzz X-Received: by 10.99.169.10 with SMTP id u10mr22836267pge.163.1520555728689; Thu, 08 Mar 2018 16:35:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520555728; cv=none; d=google.com; s=arc-20160816; b=loLo79vPrklbuu1AuqJnLJMUVTH6TXVuJlyRS5kNNHHZqBEUpwkC2L4O7St+I8uF58 QuYEPN1e9wDknmR41Cgiuvu81/LDSQfIzLxRFr1OUVTum1vL49Mvl428ZgqyGyMHCkaj qzyR6iTVEInbP/n5P8TGewAV9Aw8vVRM6xgxnLgYIUCqgaK6Uk8Ku1TUTP76Zxg8l+uW w1PS5SjnfTG3fsV/5t9uZy8TLFTeW/pLI98OjNkWX/MU0HwABqvgtjoVFC+fXIKF5OP/ hPHj9+Amx0wuJnX7aoiKT0T6iu5U+r5GHfjrceaBUpHxcV+EA4K8re8CTcycEz0W+pgu P6Hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=HXVoZgCToJLlaCLtM2M1JV83TPPei20ammx8vmOLozY=; b=o4brx1FisdTWH2T/TKkpckbrEXKg0tzN+ZtmoeKLUxJlPJ9KbbnaNoNtt+oXZHUO+W 0sOXH92YkmPVfVYGCPHZPEsmwFmlpEk6mXO9UKJXVL1KYIrMb/iw4IcbBxdGIS7pZIFh t2bY+i1dJc5ZJKNlWQBRM99Qbvcp+R/evLKIr/3tYr/lHjirzmTfP3szx2XACJ/nTNmg TyDrTZ8y65ka7+x7m5EuL0VErFqedqyew5fHVllKDIiGeKaj8wVXV4Ea6L3V06zt+xxd 4UFbCzg9E2H8/g+AiWf4FX5qL73R6s8rCqGdvZrLwsxk3v2/FK7h0iKGcEhW73AliR1z bmqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=MNtzIipl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q22si106409pfj.50.2018.03.08.16.35.13; Thu, 08 Mar 2018 16:35:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=MNtzIipl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932075AbeCIAeB (ORCPT + 99 others); Thu, 8 Mar 2018 19:34:01 -0500 Received: from mail-lf0-f65.google.com ([209.85.215.65]:36514 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750922AbeCIAeA (ORCPT ); Thu, 8 Mar 2018 19:34:00 -0500 Received: by mail-lf0-f65.google.com with SMTP id e28-v6so1981427lfc.3 for ; Thu, 08 Mar 2018 16:33:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=HXVoZgCToJLlaCLtM2M1JV83TPPei20ammx8vmOLozY=; b=MNtzIiplYxdEHEoY2KIM8wmkGTe8xCEANwf+/lXXHPJoi5t50RiBUEKbI0+8BzcrRV 2ArHCqD+cLpbmBw4fYYxjmy6iM1j9MYQp6/xO8alq3dVTcQEAgH8yJPHOJ0lQIl8oGJE p0qiPk36HWyDrJKR5KvicfcHEO3jOEUeFifNBzIyzlFnPOKVB1IRXWkhAWc2uQYhMp5k A6/RBkknw5p5WbxUyWjuxVv0B3GjSm81DcjpD7fo1jrCWgNJaOEem5ql7o1q30j2EXX1 m2/hEamfCOk/YhEI7h/AO/aHqAYUOKf0VyXHIxPJdtzGjgP+w4WFeu4HzAB5+X4jWhlW P28A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=HXVoZgCToJLlaCLtM2M1JV83TPPei20ammx8vmOLozY=; b=onCR+rSZqAVIBILGK5bY+hUhlycb2H4VYdXf7KXn32VCSxlIrlqK1Yj7pV+66Fafm/ idCO2RWvpWLt9O6LxxP0JcChveYguPBdOoifU1uDos7O3Fi9mME0LROX3XByeR3R3O52 bBN1Lzzk9YHmgHg8fd8U0M0jEbCd7m5Mh7biZ06U24IGJ2celsJdM4AfB7l33zKvqjB6 UI8xpFbhLozKKrmTllgNUqE4JV+x7nSmcfVR8RPTvx2lD/B009iwX+F5qaoR8i6Xb7i/ D8+wYFLtAOGjzarZ0TzPlNB5dmwbw1l5lxMotCCAYcXA1pkMoeydFu44ivdOSNQzgwPD vvfA== X-Gm-Message-State: AElRT7HfNCbzbCFXvAkLdROYRoqaM2X70N4Ye7DhZD8zplQAWRDkpVLO H0CqEQyI7c0hxzzbr3bFBOXvodJrX2JmpyNWL2Ku9Hk= X-Received: by 10.25.193.78 with SMTP id r75mr19095757lff.124.1520555638944; Thu, 08 Mar 2018 16:33:58 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.216.167 with HTTP; Thu, 8 Mar 2018 16:33:58 -0800 (PST) X-Originating-IP: [108.20.156.165] In-Reply-To: References: From: Paul Moore Date: Thu, 8 Mar 2018 19:33:58 -0500 Message-ID: Subject: Re: [RFC PATCH ghak21 3/4] audit: add refused symlink to audit_names To: Richard Guy Briggs Cc: Linux-Audit Mailing List , LKML , Eric Paris , Steve Grubb , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 8, 2018 at 7:30 PM, Paul Moore wrote: > On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs wrote: >> Audit link denied events for symlinks had duplicate PATH records rather >> than just updating the existing PATH record. Update the symlink's PATH >> record with the current dentry and inode information. >> >> See: https://github.com/linux-audit/audit-kernel/issues/21 >> Signed-off-by: Richard Guy Briggs >> --- >> fs/namei.c | 1 + >> 1 file changed, 1 insertion(+) > > Merged. Scratch that, not merged, although only because I think we need to refactor patch 4/4 and the refactoring can/should encompass this patch. See my comments on 4/4. >> diff --git a/fs/namei.c b/fs/namei.c >> index 9cc91fb..0edf133 100644 >> --- a/fs/namei.c >> +++ b/fs/namei.c >> @@ -945,6 +945,7 @@ static inline int may_follow_link(struct nameidata *nd) >> if (nd->flags & LOOKUP_RCU) >> return -ECHILD; >> >> + audit_inode(nd->name, nd->stack[0].link.dentry, 0); >> audit_log_link_denied("follow_link", &nd->stack[0].link); >> return -EACCES; >> } >> -- >> 1.8.3.1 -- paul moore www.paul-moore.com