Add bug fixes for link security auditing
svn path=/dists/sid/linux/; revision=19441
This commit is contained in:
parent
6984ee2510
commit
34412d8c86
|
@ -94,6 +94,8 @@ linux (3.2.32-1) UNRELEASED; urgency=low
|
|||
- sched: Better debug output for might sleep
|
||||
- stomp_machine: Use mutex_trylock when called from inactive cpu
|
||||
* [x86] storvsc: Account for in-transit packets in the RESET path
|
||||
* fs: handle failed audit_log_start properly
|
||||
* fs: prevent use after free in auditing when symlink following was denied
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Sat, 29 Sep 2012 14:19:46 +0200
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
From: Sasha Levin <sasha.levin@oracle.com>
|
||||
Date: Thu, 4 Oct 2012 19:57:31 -0400
|
||||
Subject: fs: handle failed audit_log_start properly
|
||||
|
||||
commit d1c7d97ad58836affde6e39980b96527510b572e upstream.
|
||||
|
||||
audit_log_start() may return NULL, this is unchecked by the caller in
|
||||
audit_log_link_denied() and could cause a NULL ptr deref.
|
||||
|
||||
Introduced by commit a51d9eaa ("fs: add link restriction audit reporting").
|
||||
|
||||
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
kernel/audit.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/kernel/audit.c b/kernel/audit.c
|
||||
index 4d0ceed..40414e9 100644
|
||||
--- a/kernel/audit.c
|
||||
+++ b/kernel/audit.c
|
||||
@@ -1440,6 +1440,8 @@ void audit_log_link_denied(const char *operation, struct path *link)
|
||||
|
||||
ab = audit_log_start(current->audit_context, GFP_KERNEL,
|
||||
AUDIT_ANOM_LINK);
|
||||
+ if (!ab)
|
||||
+ return;
|
||||
audit_log_format(ab, "op=%s action=denied", operation);
|
||||
audit_log_format(ab, " pid=%d comm=", current->pid);
|
||||
audit_log_untrustedstring(ab, current->comm);
|
30
debian/patches/features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch
vendored
Normal file
30
debian/patches/features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch
vendored
Normal file
|
@ -0,0 +1,30 @@
|
|||
From: Sasha Levin <sasha.levin@oracle.com>
|
||||
Date: Thu, 4 Oct 2012 19:56:40 -0400
|
||||
Subject: fs: prevent use after free in auditing when symlink following was
|
||||
denied
|
||||
|
||||
commit ffd8d101a3a7d3f2e79deee1e342801703b6dc70 upstream.
|
||||
|
||||
Commit "fs: add link restriction audit reporting" has added auditing of failed
|
||||
attempts to follow symlinks. Unfortunately, the auditing was being done after
|
||||
the struct path structure was released earlier.
|
||||
|
||||
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
fs/namei.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/fs/namei.c
|
||||
+++ b/fs/namei.c
|
||||
@@ -664,9 +664,9 @@ static inline int may_follow_link(struct
|
||||
if (parent->i_uid == inode->i_uid)
|
||||
return 0;
|
||||
|
||||
+ audit_log_link_denied("follow_link", link);
|
||||
path_put_conditional(link, nd);
|
||||
path_put(&nd->path);
|
||||
- audit_log_link_denied("follow_link", link);
|
||||
return -EACCES;
|
||||
}
|
||||
|
|
@ -64,6 +64,8 @@ features/all/hwmon-it87-Add-IT8728F-support.patch
|
|||
# Add link security restrictions from 3.6
|
||||
features/all/fs-add-link-restrictions.patch
|
||||
features/all/fs-add-link-restriction-audit-reporting.patch
|
||||
features/all/fs-handle-failed-audit_log_start-properly.patch
|
||||
features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch
|
||||
|
||||
# Update all Hyper-V drivers to 3.4-rc1 (no longer staging)
|
||||
features/x86/hyperv/0001-NLS-improve-UTF8-UTF16-string-conversion-routine.patch
|
||||
|
|
Loading…
Reference in New Issue