Received: by 10.223.185.116 with SMTP id b49csp251602wrg; Thu, 8 Mar 2018 16:51:25 -0800 (PST) X-Google-Smtp-Source: AG47ELsUas3FX7htNlq5kddAIBEqN+bMVq3+DlNOUaJOTNbNS6ypIPcdaivcoa9r7C2NjynOW6nI X-Received: by 10.99.135.65 with SMTP id i62mr22637971pge.331.1520556684961; Thu, 08 Mar 2018 16:51:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520556684; cv=none; d=google.com; s=arc-20160816; b=A/sUi6J6Z97PWBxqmVel6bFOhRU/nAUkFAN3LY97AjXYtgfHE4aXBdVyk/P8F9rGfE aEUH4YwvEHbOLqlgO8ep4ebn4iW+n3l29OycAJ8FuCIkwVcwC5yj7nJOxuNEAmpvcV29 wQpUutamMAEhrMSl1da9rMqpcycb1Mijh+4VAO2diGOJ8gzn14PEIZi+5HCNZdSpawHY RyFkogSjVfnPlLu5bEivstACrira6uvGjZ3v7ZbutkI81Dw/IZIsY/NyTA8XEFIUvVn+ F8gpylZnENq/22gBVRTK4mPa8/hK5LJCR0DivhYBXZ122rw46KMf7nknCCgL1/Lo19pq 1bUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=MKkAbfq8ArrygT3rkbUlV5EDOhwS9p9468HSQVvF9wA=; b=0IGFm+7lsnH26qrTVjEU3A1TZE4u2PrWHByuGNq2jSVarTN/jItDQv5cgXffL5Id+0 nGs1sfmZkxcwi0homtQ0OeAETyCkyMmD7DIHW4UEO9HRSxdAfC11TDVZWkmUcmoBZ4Hl ZgZMNNb++DlXdEQR77ROlqIp+1SiEktSrL3ZdzhusF7aU3SbzF5wLW5YB/fpLsM3PIcG lKNbrQXZ7XMyUc8arpbmLKzySan1o13+EfF121PfcyrnkbQV+Iq9KoRAEzdrbbQEAAho mUBLKQ5mpNPsENuXlBkLmHFxvuHJVyCWD2iyWpwV3aso+aCWTlx5yk/PpqfMP9WryPJe YGJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=NgChuXaf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k22-v6si15760945pls.182.2018.03.08.16.51.09; Thu, 08 Mar 2018 16:51:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=NgChuXaf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751254AbeCIAuI (ORCPT + 99 others); Thu, 8 Mar 2018 19:50:08 -0500 Received: from mail-lf0-f67.google.com ([209.85.215.67]:43764 "EHLO mail-lf0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750885AbeCIAuH (ORCPT ); Thu, 8 Mar 2018 19:50:07 -0500 Received: by mail-lf0-f67.google.com with SMTP id q69-v6so10931284lfi.10 for ; Thu, 08 Mar 2018 16:50:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=MKkAbfq8ArrygT3rkbUlV5EDOhwS9p9468HSQVvF9wA=; b=NgChuXafT/Dd8tpwaKvbYQSnRsrudyLObEZ1CouV+FuBPaE87EJsyG1yGxUTxipDsv TNnctfPUlDkhTw/WmohLjWaCF4kPSVJk71JFjAa/7JW1wCECRajZUiWKSp8TRZXIeiBM xLDuBVu+e86KIU4K6VXbEtFTzP1jDaF0pFQiOw1M5yo5rikAWmjmnAjmHbv3y31u3hd/ cda1cW1QOgidrGkNQT5mZVdOAWnsnPsS4Znmn3kceOu+RpxhGQEO4e1f1GPKgIj741fB 9FX7iB0rsajX93Jb0+a5f916ZD5yKHjuPQRIR/5ZlRdFP5X8tzxTv2GSQqzUG7R9nC8e tgaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=MKkAbfq8ArrygT3rkbUlV5EDOhwS9p9468HSQVvF9wA=; b=VWjot0JgrMNjhCpOc3/zYC5GNPFzSItkLUGswQs6b/YmuBM3gs4i3Y5RR6AVjaKm/c l6ISkMD8edL8anjoNMD0DDFSX5JXXAKFSbQe5t6+qA54j04FYdwBNBTPLoXdisq0D9BH TRMCrxDHzgqoLlNZbbIBcBIvy3ziJirIcOETthUMhXHwBEYDG6DHP77vLhUq+NzXW809 ORIISdCT5Oi3J8FsFPEOv95LSw20rZd+rjniofdCpf5/bkdil4gpe5xACF/FGUyRGPLZ OUrxzDrupNa13eUEpjaBJyAILKJqmMCgeTLwHsnYI2sffQe45kMRPgNEnDDMKDlaDMuv ppOw== X-Gm-Message-State: AElRT7GygJFEXyGx9wzC9pD7O4G7rpYJUuScDEocHvEtNbz2OpuSOcRA l+LYQmHWu5Yt0sHnD+XQjRGCnyfn52djhAB3NfHW X-Received: by 10.46.5.3 with SMTP id 3mr19387169ljf.135.1520556606089; Thu, 08 Mar 2018 16:50:06 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.216.167 with HTTP; Thu, 8 Mar 2018 16:50:05 -0800 (PST) X-Originating-IP: [108.20.156.165] In-Reply-To: <1c5184985e422774329484153b0147c2861e91a7.1518603831.git.rgb@redhat.com> References: <1c5184985e422774329484153b0147c2861e91a7.1518603831.git.rgb@redhat.com> From: Paul Moore Date: Thu, 8 Mar 2018 19:50:05 -0500 Message-ID: Subject: Re: [RFC PATCH ghak21 4/4] audit: add parent of refused symlink to audit_names To: Richard Guy Briggs Cc: Linux-Audit Mailing List , LKML , Eric Paris , Steve Grubb , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs wrote: > Audit link denied events for symlinks were missing the parent PATH > record. Add it. Since the full pathname may not be available, > reconstruct it from the path in the nameidata supplied. > > See: https://github.com/linux-audit/audit-kernel/issues/21 > Signed-off-by: Richard Guy Briggs > --- > fs/namei.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/fs/namei.c b/fs/namei.c > index 0edf133..bf1c046b 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -923,6 +923,7 @@ static inline int may_follow_link(struct nameidata *nd) > const struct inode *inode; > const struct inode *parent; > kuid_t puid; > + char *pathname; > > if (!sysctl_protected_symlinks) > return 0; > @@ -945,6 +946,14 @@ static inline int may_follow_link(struct nameidata *nd) > if (nd->flags & LOOKUP_RCU) > return -ECHILD; > > + pathname = kmalloc(PATH_MAX + 1, GFP_KERNEL); > + if (!pathname) > + return -ENOMEM; Two things here: 1. We need to allocate a buffer to feed to d_absolute_path(), and getname_kernel() is just going to make another copy so we need to make sure we clean up after ourselves. Perhaps I missing it, but I'm not seeing where we free the kmalloc'd buffer or call putname(). Feel free to correct me if I'm missing something obvious. 2. While the audit_* calls are going to bail early in the cases where audit is disabled, or not configured, we are going to pay the penalty for the kmalloc() call above, as well as the getname_kernel() and d_absolute_path() calls below. I think it might be beneficial to create a new function (audit_log_symlink_denied() perhaps?) which encapsulates all the audit bits in may_follow_link() and exits early when needed. What do you think? (Point #2 is why I didn't merge patch 3/4, just include it in this revised patch) > + audit_inode(getname_kernel(d_absolute_path(&nd->stack[0].link, pathname, > + PATH_MAX + 1)), > + nd->stack[0].link.dentry, 0); > + audit_inode(nd->name, nd->stack[0].link.dentry->d_parent, LOOKUP_PARENT); > + > audit_inode(nd->name, nd->stack[0].link.dentry, 0); > audit_log_link_denied("follow_link", &nd->stack[0].link); > > return -EACCES; > -- > 1.8.3.1 -- paul moore www.paul-moore.com