From mboxrd@z Thu Jan 1 00:00:00 1970 From: Miloslav =?UTF-8?Q?Trma=C4=8D?= Subject: Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings Date: Thu, 11 Sep 2008 21:37:47 +0200 Message-ID: <1221161868.17533.37.camel@amilo> References: <1221085418.2705.19.camel@amilo> <20080911121443.c3153842.akpm@linux-foundation.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <20080911121443.c3153842.akpm@linux-foundation.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Andrew Morton Cc: linux-audit@redhat.com, viro@zeniv.linux.org.uk, linux-kernel@vger.kernel.org List-Id: linux-audit@redhat.com Andrew Morton p=C3=AD=C5=A1e v =C4=8Ct 11. 09. 2008 v 12:14 -0700: > On Thu, 11 Sep 2008 00:23:38 +0200 > Miloslav Trma__ wrote: >=20 > > The audit record can thus contain a NUL byte (and some unchecked data > > after that). Because the user-space audit daemon treats audit record= s > > as NUL-terminated strings, an untrusted string that is shorter than t= he > > specified maximum length effectively terminates the audit record. > >=20 > It's unclear how serious this problem is. * AUDIT_USER_TTY records (which are sent from user-space with a trailing NUL byte) are missing a terminating '"' character. * Some data is not recorded in AUDIT_TTY records, and the terminating '"' character is missing in that case as well. > Do you believe that it is > sufficiently serious to warrant merging these fixes into 2.6.27?=20 > 2.6.26.x? 2.6.25.x? This patch (1/2) only fixes creation of incorrectly formatted, but easy-to-understand audit records; it would be nice to have it in 2.6.27 (assuming the audit maintainer acks it - or a variant of it). The other one (2/2), which makes sure all TTY audit data is recorded, should probably be merged in the stable releases as well. Mirek