Re: 3.6-rc4 audit_log_d_path oops.

From: Kees Cook
Date: Thu Sep 06 2012 - 13:50:20 EST

Next message: Jason Baron: "Re: [PATCH 0/5] dev_<level> and dynamic_debug cleanups"
Previous message: Peter Zijlstra: "Re: [PATCH tip/core/rcu 07/23] rcu: Provide OOM handler to motivatelazy RCU callbacks"
In reply to: Dave Jones: "Re: 3.6-rc4 audit_log_d_path oops."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 6, 2012 at 9:45 AM, Dave Jones <davej@xxxxxxxxxx> wrote:
> On Thu, Sep 06, 2012 at 09:32:49AM -0700, Kees Cook wrote:
> > > I just realised, the funny thing about this is that the machine running that test
> > > had selinux/audit disabled. And yet here we are, screwing around with audit buffers.
> >
> > The intent was to have this message show up in dmesg even if auditd
> > wasn't running, and even if the specific process wasn't being
> > explicitly audited.
> >
> > > Should there be a test on audit_enable=0 in audit_log_link_denied() ?
> > >
> > > I'm now curious how much more of the audit code is getting run through similar lack of tests
> >
> > What is the condition in which audit_log_start fails?
>
> in the case of that oops, given I had booted with audit=0, I suspect it was hitting the first check...
>
> 1157 if (audit_initialized != AUDIT_INITIALIZED)
> 1158 return NULL;

Ah-ha, okay. Yeah, I'm fine with the fix you had. If _start fails, just return.

-Kees

--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jason Baron: "Re: [PATCH 0/5] dev_<level> and dynamic_debug cleanups"
Previous message: Peter Zijlstra: "Re: [PATCH tip/core/rcu 07/23] rcu: Provide OOM handler to motivatelazy RCU callbacks"
In reply to: Dave Jones: "Re: 3.6-rc4 audit_log_d_path oops."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]