fix bogus reporting of signals by audit
Al Viro authored

Async signals should not be reported as sent by current in audit log.  As
it is, we call audit_signal_info() too early in check_kill_permission().
Note that check_kill_permission() has that test already - it needs to know
if it should apply current-based permission checks.  So the solution is to
move the call of audit_signal_info() between those.

Bogosity in question is easily reproduced - add a rule watching for e.g.
kill(2) from specific process (so that audit_signal_info() would not
short-circuit to nothing), say load_policy, watch the bogus OBJ_PID entry
in audit logs claiming that write(2) on selinuxfs file issued by
load_policy(8) had somehow managed to send a signal to syslogd...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
291041e9
Name Last commit Last update
irq request_irq: fix DEBUG_SHIRQ handling
power hibernation doesn't even build on frv - tons of helpers are missing
time Fix timer_stats printout of events/sec
.gitignore gitignore: ignore more generated files
Kconfig.hz [PATCH] HZ: 300Hz support
Kconfig.preempt [PATCH] sched: arch preempt notifier mechanism
Makefile user namespace: add the framework
acct.c Cleanup non-arch xtime uses, use get_seconds() or current_kernel_time().
audit.c Freezer: make kernel threads nonfreezable by default
audit.h Audit: add TTY input auditing
auditfilter.c [PATCH] allow audit filtering on bit & operations
auditsc.c kernel/auditsc.c: fix an off-by-one
capability.c [PATCH] pid: replace do/while_each_task_pid with do/while_each_pid_task
compat.c signal/timer/event: timerfd compat code
configs.c use simple_read_from_buffer in kernel/
cpu.c PM: Fix dependencies of CONFIG_SUSPEND and CONFIG_HIBERNATION
cpuset.c usermodehelper: Tidy up waiting
delayacct.c sched: update delay-accounting to use CFS's precise stats
die_notifier.c move die notifier handling to common code
dma.c [PATCH] struct seq_operations and struct file_operations constification
exec_domain.c Remove obsolete #include <linux/config.h>
exit.c signalfd simplification
extable.c [PATCH] symbol_put_addr() locks kernel
fork.c signalfd simplification
futex.c robust futex thread exit race
futex_compat.c
hrtimer.c
itimer.c
kallsyms.c
kexec.c
kfifo.c
kmod.c
kprobes.c
ksysfs.c
kthread.c
latency.c
lockdep.c
lockdep_internals.h
lockdep_proc.c
module.c
mutex-debug.c
mutex-debug.h
mutex.c
mutex.h
nsproxy.c
panic.c
params.c
pid.c
posix-cpu-timers.c
posix-timers.c
printk.c
profile.c
ptrace.c
rcupdate.c
rcutorture.c
relay.c
resource.c
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c
rtmutex.c
rtmutex.h
rtmutex_common.h
rwsem.c
sched.c
sched_debug.c
sched_fair.c
sched_idletask.c
sched_rt.c
sched_stats.h
seccomp.c
signal.c
softirq.c
softlockup.c
spinlock.c
srcu.c
stacktrace.c
stop_machine.c
sys.c
sys_ni.c
sysctl.c
taskstats.c
time.c
timer.c
tsacct.c
uid16.c
user.c
user_namespace.c
utsname.c
utsname_sysctl.c
wait.c
workqueue.c