From: Peter Zijlstra <a.p.zijlstra@chello.nl>
To: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH 2/2] Audit: remove the limit on execve arguments when audit is running
Date: Wed, 03 Oct 2007 18:56:11 +0200
Message-ID: <1191430571.5599.31.camel@lappy>
In-Reply-To: <1191360589.9506.34.camel@localhost.localdomain>

Hi Eric,

Thanks for ridding us of this wart!

On Tue, 2007-10-02 at 17:29 -0400, Eric Paris wrote:
> Remove the limitation on argv size.  The audit system now logs arguments 8k at a
> time so the attempt to keep the size of the execve args smaller than one netlink
> message is no longer a requirement.
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>

Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>

> ---
>  kernel/auditsc.c |   10 ----------
>  kernel/sysctl.c  |   11 -----------
>  2 files changed, 0 insertions(+), 21 deletions(-)
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index f9f61db..6627fce 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1876,8 +1876,6 @@ int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode
>  	return 0;
>  }
>  
> -int audit_argv_kb = 32;
> -
>  int audit_bprm(struct linux_binprm *bprm)
>  {
>  	struct audit_aux_data_execve *ax;
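
Review bot: deleting the definition "int audit_argv_kb = 32;" at the top of this hunk removes a global symbol, so every remaining reference has to go in the same patch or the build breaks. The diffstat lists only kernel/auditsc.c and kernel/sysctl.c; please confirm with a tree-wide grep that nothing else, including any sysctl documentation, still names audit_argv_kb.
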
> @@ -1886,14 +1884,6 @@ int audit_bprm(struct linux_binprm *bprm)
>  	if (likely(!audit_enabled || !context || context->dummy))
>  		return 0;
>  
> -	/*
> -	 * Even though the stack code doesn't limit the arg+env size any more,
> -	 * the audit code requires that _all_ arguments be logged in a single
> -	 * netlink skb. Hence cap it :-(
> -	 */
> -	if (bprm->argv_len > (audit_argv_kb << 10))
> -		return -E2BIG;
> -
>  	ax = kmalloc(sizeof(*ax), GFP_KERNEL);
>  	if (!ax)
>  		return -ENOMEM;
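
Review bot: with the "if (bprm->argv_len > (audit_argv_kb << 10)) return -E2BIG;" check gone, nothing in audit_bprm() bounds argv_len any more, and the deleted comment says the cap existed because all arguments had to fit in a single netlink skb. The code that logs arguments 8k at a time is not part of this patch, so the changelog should name the change it depends on, and the series order has to keep that change first; otherwise a bisect that lands here runs unbounded arguments through the old single-skb path. It is also worth stating in the changelog that one execve can now produce far more audit data than the previous 32 KB default allowed, since that affects how the audit backlog and log storage are sized.
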
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 53a456e..88e5d06 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -77,7 +77,6 @@ extern int percpu_pagelist_fraction;
>  extern int compat_log;
>  extern int maps_protect;
>  extern int sysctl_stat_interval;
> -extern int audit_argv_kb;
>  
>  /* this is needed for the proc_dointvec_minmax for [fs_]overflow UID and GID */
>  static int maxolduid = 65535;
> @@ -347,16 +346,6 @@ static ctl_table kern_table[] = {
>  		.mode		= 0644,
>  		.proc_handler	= &proc_dointvec,
>  	},
> -#ifdef CONFIG_AUDITSYSCALL
> -	{
> -		.ctl_name	= CTL_UNNUMBERED,
> -		.procname	= "audit_argv_kb",
> -		.data		= &audit_argv_kb,
> -		.maxlen		= sizeof(int),
> -		.mode		= 0644,
> -		.proc_handler	= &proc_dointvec,
> -	},
> -#endif
>  	{
>  		.ctl_name	= KERN_CORE_PATTERN,
>  		.procname	= "core_pattern",
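
Review bot: dropping the "audit_argv_kb" entry from kern_table removes a mode 0644 sysctl that userspace can read and write, and the changelog does not mention it. Please say so explicitly in the commit message, so administrators whose sysctl configuration sets kernel.audit_argv_kb know the knob is gone and that applying that setting will start to fail.
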
> 
> 
