From: Peter Zijlstra <a.p.zijlstra@chello.nl>
To: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH 2/2] Audit: remove the limit on execve arguments when audit is running
Date: Wed, 03 Oct 2007 18:56:11 +0200 [thread overview]
Message-ID: <1191430571.5599.31.camel@lappy> (raw)
In-Reply-To: <1191360589.9506.34.camel@localhost.localdomain>
Hi Eric,
Thanks for ridding us of this wart!
On Tue, 2007-10-02 at 17:29 -0400, Eric Paris wrote:
> Remove the limitation on argv size. The audit system now logs arguments 8k at a
> time so the attempt to keep the size of the execve args smaller than one netlink
> message is no longer a requirement.
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
> ---
> kernel/auditsc.c | 10 ----------
> kernel/sysctl.c | 11 -----------
> 2 files changed, 0 insertions(+), 21 deletions(-)
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index f9f61db..6627fce 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1876,8 +1876,6 @@ int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode
> return 0;
> }
>
> -int audit_argv_kb = 32;
> -
> int audit_bprm(struct linux_binprm *bprm)
> {
> struct audit_aux_data_execve *ax;
> @@ -1886,14 +1884,6 @@ int audit_bprm(struct linux_binprm *bprm)
> if (likely(!audit_enabled || !context || context->dummy))
> return 0;
>
> - /*
> - * Even though the stack code doesn't limit the arg+env size any more,
> - * the audit code requires that _all_ arguments be logged in a single
> - * netlink skb. Hence cap it :-(
> - */
> - if (bprm->argv_len > (audit_argv_kb << 10))
> - return -E2BIG;
> -
> ax = kmalloc(sizeof(*ax), GFP_KERNEL);
> if (!ax)
> return -ENOMEM;
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 53a456e..88e5d06 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -77,7 +77,6 @@ extern int percpu_pagelist_fraction;
> extern int compat_log;
> extern int maps_protect;
> extern int sysctl_stat_interval;
> -extern int audit_argv_kb;
>
> /* this is needed for the proc_dointvec_minmax for [fs_]overflow UID and GID */
> static int maxolduid = 65535;
> @@ -347,16 +346,6 @@ static ctl_table kern_table[] = {
> .mode = 0644,
> .proc_handler = &proc_dointvec,
> },
> -#ifdef CONFIG_AUDITSYSCALL
> - {
> - .ctl_name = CTL_UNNUMBERED,
> - .procname = "audit_argv_kb",
> - .data = &audit_argv_kb,
> - .maxlen = sizeof(int),
> - .mode = 0644,
> - .proc_handler = &proc_dointvec,
> - },
> -#endif
> {
> .ctl_name = KERN_CORE_PATTERN,
> .procname = "core_pattern",
>
>
next prev parent reply other threads:[~2007-10-03 16:56 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-02 21:29 [PATCH 2/2] Audit: remove the limit on execve arguments when audit is running Eric Paris
2007-10-03 16:56 ` Peter Zijlstra [this message]
2007-10-05 15:11 ` Eric Paris
2007-10-05 15:44 ` Steve Grubb
2007-10-08 19:45 ` Klaus Weidner
2007-10-08 21:41 ` Steve Grubb
2007-10-08 22:45 ` Linda Knippers
2007-10-09 0:17 ` Steve Grubb
2007-10-09 2:34 ` Linda Knippers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1191430571.5599.31.camel@lappy \
--to=a.p.zijlstra@chello.nl \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox