[Bug 237270] New: audit_log_task_context does not terminate string
https://bugzilla.novell.com/show_bug.cgi?id=237270 Summary: audit_log_task_context does not terminate string Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel AssignedTo: kernel-maintainers@forge.provo.novell.com ReportedBy: meissner@novell.com QAContact: qa@suse.de CC: tonyj@novell.com audit_log_task_context does not terminate the string it gets from security_getprocattr() witzh a \0. since apparmor does not terminate this string we get junk spewed into the audit logfile by the SYSCALL auditing. selinux code is hard to follow but might terminate it with \0. I think this only affects opensuse 10.2 and likely mainline. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237270 lmb@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kernel- |dreynolds@novell.com |maintainers@forge.provo.nove| |ll.com | Status Whiteboard| |kernel:10.2 ------- Comment #1 from lmb@novell.com 2007-01-23 03:44 MST ------- Re-assigning to apparmor team. Please make sure it doesn't affect SLES10; if it does, please update the status whiteboard accordingly. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237270 dreynolds@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|dreynolds@novell.com |jjohansen@novell.com ------- Comment #2 from dreynolds@novell.com 2007-01-26 14:58 MST ------- jj. Can you validate that this doesn't impact sle10 (sp1) with the backported changes from audit for sp1? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237270 dreynolds@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237270 sbeattie@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sbeattie@novell.com ------- Comment #3 from sbeattie@novell.com 2007-01-27 00:50 MST ------- Frankly, security_getprocattr() presents a craptacular interface. The proc_pid_attr_read() function wants a length returned (strlen) that does not include a trailing \0, or else it will emit the \0 when /proc/pid/attr/* is read from. But audit_log_task_context() kmallocs a string based on the length returned when size=0 is passed to security_getprocattr(), which means that a security_getprocattr() implementation has to return strlen+1 when size=0 if storage is to be allocated for the \0. Looking at the selinux code and experimenting with a RHEL5b2 box, selinux does terminate the string and returns the length including the trailing \0 and thus the /proc/self/attr/current file contains it: [root@vmrhel5 ~]# hexdump -C /proc/self/attr/current 00000000 72 6f 6f 74 3a 73 79 73 74 65 6d 5f 72 3a 75 6e |root:system_r:un| 00000010 63 6f 6e 66 69 6e 65 64 5f 74 3a 73 30 2d 73 30 |confined_t:s0-s0| 00000020 3a 63 30 2e 63 31 30 32 33 00 |:c0.c1023.| 0000002a We used to null terminate the string, but didn't want the null garbage in the /proc/self/attr/current file. I don't think it broke any of our tools to have a null terminated string there; but we'd need to revalidate. Fixing proc_pid_attr_read() to expect a null terminated string might be the best way to fix this issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237270
User jjohansen@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=237270#c4
John Johansen
participants (1)
-
bugzilla_noreply@novell.com