Received: by 10.192.165.148 with SMTP id m20csp26135imm; Wed, 9 May 2018 08:14:59 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpFYVsxhFd89H+G4jx8swjNOB9qTdvGg83z/+7h531O3aJcPS3BkarX2eps5Zh5uQHUYnRf X-Received: by 10.98.196.19 with SMTP id y19mr44430048pff.97.1525878899937; Wed, 09 May 2018 08:14:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525878899; cv=none; d=google.com; s=arc-20160816; b=XbErQHT4kC+gRYMl4/F+ZGGpDV89LS/qHcXleo01Kefyg1rVswLO/cScWZdpOWa1h2 9bCbCCyJB/5ZIbUcAQAts/o5oQg5+DUi7DChE32nghwZcx0VZ/GIOQMvxfQ4VWNBwijQ AOYnWzXk7vBjoZCCDJSF388mEvJerK8sSKBUyXi2g7p/8usV9TGOTHmwH42I0fkkaiZE RZD860Z6r3zKu0z5bd3DDZ0f0I2nfQvP9mzaUP25ppmBob/LhuY8Lll1Y4dP+jM91X9Q f3pTEXTWRH8TAVFuVv1jVCV2msmYNn9EvCi2ZK+4omxERyzdoxKONCfvJAL4gWV0+lAO O3bA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=71cLW03OzdyJngS0q2ZJNcwbQgkVZJB43Ekw+Br1PbI=; b=KOgrnbfo+Hrqki6z22aY4Qe6blFrNc6Wxv/JcS7rBTc5Lzlk6PhxTvS5oUvjJA91AE gz4Y3X0doO4tDJeaM55GMvLz42QcSW02EE7DIjunpIDNN2UreGQvzTpY5BypJM6ggDTQ QqSJZKtUpF+nsyIXVvDY+1OVBHwfwEgN95ohpxN05WWPRQLpPP60eImHeM/wZEaP83HM XfOptfoa4i3yvpCCq2XaI2oY08r0TSwanTHsexDW4VaE1rp1SUxMI+czoMFXGdk4yG9A Kdmvd17OzDOG5c6a5TaMVrfiR9WXSz52FKbf4DHMMzMi0RMlI4S9yl3XT8zQjTosDoyk oEgg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=izj3dOmM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t6-v6si316973pgr.355.2018.05.09.08.14.45; Wed, 09 May 2018 08:14:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=izj3dOmM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964963AbeEIPNw (ORCPT + 99 others); Wed, 9 May 2018 11:13:52 -0400 Received: from mail-lf0-f67.google.com ([209.85.215.67]:32843 "EHLO mail-lf0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964844AbeEIPNt (ORCPT ); Wed, 9 May 2018 11:13:49 -0400 Received: by mail-lf0-f67.google.com with SMTP id m18-v6so51496333lfb.0 for ; Wed, 09 May 2018 08:13:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=71cLW03OzdyJngS0q2ZJNcwbQgkVZJB43Ekw+Br1PbI=; b=izj3dOmMtfLljrs2U9P3YiD06c7RvMHDUVEv5hK4NKbM6mnqxiAdr6U44nctjrSRCy BT1JN9z3fOHs6bI3Lvs5kXVanlWaShdXGnZs/X2+B8UEcJjv/cg6EZ4wHFpWDpBxtzji qEQU7Jqn3e2biDRFz0mqkMxZQUqxN/QEOYpSkKS8mOAf3wDLoNzISqEbSXec4KTnbTi8 79SzqOeu5WQtfmUtPreXIDg8rfxNktUCpNs87oaaFN40HtBbhOe3OGt6nw0ShRh4ErKi lILeWIZFeqT5gOPXuSxDYyHbKh61pcFCp77XjPMy+smh/LzF4M2ZuihY5lRcEp3sQlYs QGGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=71cLW03OzdyJngS0q2ZJNcwbQgkVZJB43Ekw+Br1PbI=; b=t86hKOPi0TGrKHGxp6g1nN88wf6EFNliLpyx3GsY5/ekeK2WLZJgl5aLBrBOIA/dL0 EAwJJFqeEA9+Lg7USslrGrL+IkLCa6RnlWdSzXL85bH9WwI+eKLYSZ0ETFApHKOdLsXe fgb0tdM2/YCLDgPIF45tnbdB5FVOWuVC85/kRkOvtZ5a7tk6TvSwjJutcjb0ADqAb4U5 zO1q3svCPujbHvYXsoV12XxIIQPn8ohgbArj6jL70Zsvh955QljXicAZ6NwyJhlxvpt2 JByKCZl9JTP33k/t2PYcF6H1u7tw28GXKUWPwMUWBS6zrz0C/Y1hrU27QGC440qOCgyD 1/Ug== X-Gm-Message-State: ALQs6tCXAbE4Z5yWLxB7Mmu9eTDS1C/NXXFNM0jlRA+iQW3cm1TZFF/+ 3boUrYOq2meatcsZi/NWE7h8ObeuPInI53Si5C7I X-Received: by 2002:a2e:8518:: with SMTP id j24-v6mr32631153lji.12.1525878827802; Wed, 09 May 2018 08:13:47 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:a947:0:0:0:0:0 with HTTP; Wed, 9 May 2018 08:13:47 -0700 (PDT) X-Originating-IP: [68.177.129.184] In-Reply-To: <611e9c85fca8bcdb24e6fb6da412773663c007b3.1525466167.git.rgb@redhat.com> References: <611e9c85fca8bcdb24e6fb6da412773663c007b3.1525466167.git.rgb@redhat.com> From: Paul Moore Date: Wed, 9 May 2018 11:13:47 -0400 Message-ID: Subject: Re: [PATCH ghak81 RFC V1 1/5] audit: normalize loginuid read access To: Richard Guy Briggs Cc: Linux-Audit Mailing List , LKML , Linux NetDev Upstream Mailing List , Netfilter Devel List , Linux Security Module list , Integrity Measurement Architecture , SElinux list , Eric Paris , Steve Grubb , Ingo Molnar , David Howells Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 4, 2018 at 4:54 PM, Richard Guy Briggs wrote: > Recognizing that the loginuid is an internal audit value, use an access > function to retrieve the audit loginuid value for the task rather than > reaching directly into the task struct to get it. > > Signed-off-by: Richard Guy Briggs > --- > kernel/auditsc.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 479c031..f3817d0 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -374,7 +374,7 @@ static int audit_field_compare(struct task_struct *tsk, > case AUDIT_COMPARE_EGID_TO_OBJ_GID: > return audit_compare_gid(cred->egid, name, f, ctx); > case AUDIT_COMPARE_AUID_TO_OBJ_UID: > - return audit_compare_uid(tsk->loginuid, name, f, ctx); > + return audit_compare_uid(audit_get_loginuid(tsk), name, f, ctx); > case AUDIT_COMPARE_SUID_TO_OBJ_UID: > return audit_compare_uid(cred->suid, name, f, ctx); > case AUDIT_COMPARE_SGID_TO_OBJ_GID: > @@ -385,7 +385,7 @@ static int audit_field_compare(struct task_struct *tsk, > return audit_compare_gid(cred->fsgid, name, f, ctx); > /* uid comparisons */ > case AUDIT_COMPARE_UID_TO_AUID: > - return audit_uid_comparator(cred->uid, f->op, tsk->loginuid); > + return audit_uid_comparator(cred->uid, f->op, audit_get_loginuid(tsk)); > case AUDIT_COMPARE_UID_TO_EUID: > return audit_uid_comparator(cred->uid, f->op, cred->euid); > case AUDIT_COMPARE_UID_TO_SUID: > @@ -394,11 +394,11 @@ static int audit_field_compare(struct task_struct *tsk, > return audit_uid_comparator(cred->uid, f->op, cred->fsuid); > /* auid comparisons */ > case AUDIT_COMPARE_AUID_TO_EUID: > - return audit_uid_comparator(tsk->loginuid, f->op, cred->euid); > + return audit_uid_comparator(audit_get_loginuid(tsk), f->op, cred->euid); > case AUDIT_COMPARE_AUID_TO_SUID: > - return audit_uid_comparator(tsk->loginuid, f->op, cred->suid); > + return audit_uid_comparator(audit_get_loginuid(tsk), f->op, cred->suid); > case AUDIT_COMPARE_AUID_TO_FSUID: > - return audit_uid_comparator(tsk->loginuid, f->op, cred->fsuid); > + return audit_uid_comparator(audit_get_loginuid(tsk), f->op, cred->fsuid); > /* euid comparisons */ > case AUDIT_COMPARE_EUID_TO_SUID: > return audit_uid_comparator(cred->euid, f->op, cred->suid); > @@ -611,7 +611,7 @@ static int audit_filter_rules(struct task_struct *tsk, > result = match_tree_refs(ctx, rule->tree); > break; > case AUDIT_LOGINUID: > - result = audit_uid_comparator(tsk->loginuid, f->op, f->uid); > + result = audit_uid_comparator(audit_get_loginuid(tsk), f->op, f->uid); > break; > case AUDIT_LOGINUID_SET: > result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); > @@ -2287,8 +2287,8 @@ int audit_signal_info(int sig, struct task_struct *t) > (sig == SIGTERM || sig == SIGHUP || > sig == SIGUSR1 || sig == SIGUSR2)) { > audit_sig_pid = task_tgid_nr(tsk); > - if (uid_valid(tsk->loginuid)) > - audit_sig_uid = tsk->loginuid; > + if (uid_valid(audit_get_loginuid(tsk))) > + audit_sig_uid = audit_get_loginuid(tsk); I realize this comment is a little silly given the nature of loginuid, but if we are going to abstract away loginuid accesses (which I think is good), we should probably access it once, store it in a local variable, perform the validity check on the local variable, then commit the local variable to audit_sig_uid. I realize a TOCTOU problem is unlikely here, but with this new layer of abstraction it seems that some additional safety might be a good thing. > else > audit_sig_uid = uid; > security_task_getsecid(tsk, &audit_sig_sid); > -- > 1.8.3.1 -- paul moore www.paul-moore.com