From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Paris Subject: Re: [PATCH 2/2] audit: Handle embedded NUL in TTY input auditing Date: Thu, 11 Sep 2008 10:25:52 -0400 Message-ID: <1221143153.2992.11.camel@localhost.localdomain> References: <1221085773.2705.25.camel@amilo> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <1221085773.2705.25.camel@amilo> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Miloslav =?UTF-8?Q?Trma=C4=8D?= Cc: linux-audit , viro@zeniv.linux.org.uk, linux-kernel List-Id: linux-audit@redhat.com On Thu, 2008-09-11 at 00:29 +0200, Miloslav Trma=C4=8D wrote: > From: Miloslav Trmac >=20 > Data read from a TTY can contain an embedded NUL byte (e.g. after > pressing Ctrl-2, or sent to a PTY). After the previous patch, the data > would be logged only up to the first NUL. >=20 > This patch modifies the AUDIT_TTY record to always use the hexadecimal > format, which does not terminate at the first NUL byte. The vast > majority of recorded TTY input data will contain either ' ' or '\n', so > the hexadecimal format would have been used anyway. >=20 > Signed-off-by: Miloslav Trmac Acked-by: Eric Paris > --- > tty_audit.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c > index 3582f43..5787249 100644 > --- a/drivers/char/tty_audit.c > +++ b/drivers/char/tty_audit.c > @@ -93,7 +93,7 @@ static void tty_audit_buf_push(struct task_struct *ts= k, uid_t loginuid, > get_task_comm(name, tsk); > audit_log_untrustedstring(ab, name); > audit_log_format(ab, " data=3D"); > - audit_log_n_untrustedstring(ab, buf->data, buf->valid); > + audit_log_n_hex(ab, buf->data, buf->valid); > audit_log_end(ab); > } > buf->valid =3D 0; >=20 >=20
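Review bot: the new audit_log_n_hex() call for data= at the end of tty_audit_buf_push() carries no comment explaining why this field is hex-encoded unconditionally. The comm value two lines above still goes through audit_log_untrustedstring(), so a later cleanup could plausibly switch data= back to audit_log_n_untrustedstring() for symmetry and bring back the truncation at the first NUL that the commit message describes. Suggest a one-line comment above the call saying that TTY input can contain embedded NUL bytes and is therefore always logged as hex. The commit message could also state explicitly that input containing neither ' ' nor '\n' was previously logged in non-hexadecimal form and is now hex, since anything that parses AUDIT_TTY records will see that change in the data= field.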