[PATCH] Audit: close race between audit_syscall_exit and proc_loginuid_read

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Paris <eparis@redhat.com>
To: linux-audit@redhat.com
Subject: [PATCH] Audit: close race between audit_syscall_exit and proc_loginuid_read
Date: Wed, 03 Oct 2007 14:21:35 -0400	[thread overview]
Message-ID: <1191435695.9506.50.camel@localhost.localdomain> (raw)

audit_syscall_exit() calls audit_get_context() which returns the
tsk->audit_context but then also sets tsk->audit_context=NULL.  A few
lines later audit_syscall_exit sets the audit_context (either back to
audit_context or to a different context)

During this window when tsk->audit_context is NULL it is possible that
another process will try to read /proc/pid/loginuid and will get a -1.
There does not appear to be a good reason to set audit_context to null
in the get function so this patch merely leaves the audit_context alone
so there is no period of time in which audit_context is not pointing to
a valid context.

Signed-off-by: Eric Paris <eparis@redhat.com>

---

Easily tested, I opened 2 shells.  

shell #1 I read /proc/shell2/loginuid in a very very tight loop.
shell #2 I ran a tight loop adding and removing audit rules

without the patch I often saw -1 as the loginuid but with the patch I
always got the correct behavior.

 kernel/auditsc.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 04f3ffb..62ace9b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -598,7 +598,6 @@ static inline struct audit_context *audit_get_context(struct task_struct *tsk,

 get_context:

-	tsk->audit_context = NULL;
 	return context;
 }

@@ -1135,6 +1134,8 @@ void audit_free(struct task_struct *tsk)
 	if (likely(!context))
 		return;

+	tsk->audit_context = NULL;
+
 	/* Check for system calls that do not go through the exit
 	 * function (e.g., exit_group), then free context block. 
 	 * We use GFP_ATOMIC here because we might be doing this 
@@ -1266,9 +1267,9 @@ void audit_syscall_exit(int valid, long return_code)

 	if (context->previous) {
 		struct audit_context *new_context = context->previous;
+		tsk->audit_context = new_context;
 		context->previous  = NULL;
 		audit_free_context(context);
-		tsk->audit_context = new_context;
 	} else {
 		audit_free_names(context);
 		audit_free_aux(context);

next             reply	other threads:[~2007-10-03 18:21 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-10-03 18:21 Eric Paris [this message]
2007-10-03 18:29 ` [PATCH] Audit: close race between audit_syscall_exit and proc_loginuid_read Steve Grubb
2007-10-03 18:43   ` Eric Paris

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:04f3ffb dfblob:62ace9b )
 OR (
bs:"[PATCH] Audit: close race between audit_syscall_exit and proc_loginuid_read" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1191435695.9506.50.camel@localhost.localdomain \
    --to=eparis@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.