From: Richard Guy Briggs
Subject: Re: [PATCH] audit: Add cmdline to taskinfo output
Date: Thu, 24 Oct 2013 15:10:17 -0400
Message-ID: <20131024191017.GC4956@madcap2.tricolour.ca>
To: William Roberts
Cc: linux-audit@redhat.com

On Wed, Oct 23, 2013 at 01:40:42PM -0700, William Roberts wrote:
> From 0a8623b8f9fa625da81364cf3b87d2799171f83e Mon Sep 17 00:00:00 2001
> From: William Roberts
> Date: Tue, 22 Oct 2013 14:23:27 -0700
> Subject: [PATCH] audit: Add cmdline to taskinfo output

Hi William (Bill?),

> On some devices, the cmdline and task info vary. For instance, on
> Android, the cmdline is set to the package name, and the task info
> is the name of the VM, which is not very helpful.

Your patch doesn't apply to my tree for a couple of reasons. The function
audit_log_task_info() was moved from kernel/auditsc.c to kernel/audit.c in
commit b24a30a7 included in v3.10-rc1. We're up to v3.12-rc6.

Please rebase, follow standard kernel coding style (or use a mailer that won't
mangle your patch), re-test and re-send. I use "git format-patch" and "git
send-email". Thanks!

> Change-Id: I98a417c9ab3b95664c49aa1c7513cfd8296b6a2a
> Signed-off-by: William Roberts
> --- > fs/proc/base.c | 2 +- > include/linux/proc_fs.h | 1 + > kernel/auditsc.c | 24 ++++++++++++++++++++++++ > 3 files changed, 26 insertions(+), 1 deletion(-) > > diff --git a/fs/proc/base.c b/fs/proc/base.c > index 2f198da..25b73d3 100644 > --- a/fs/proc/base.c > +++ b/fs/proc/base.c 
> @@ -209,7 +209,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task) > return mm_access(task, PTRACE_MODE_READ); > } > > -static int proc_pid_cmdline(struct task_struct *task, char * buffer) > +int proc_pid_cmdline(struct task_struct *task, char *buffer) > { > int res = 0; > unsigned int len; > diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h > index 85c5073..d85ac14 100644 > --- a/include/linux/proc_fs.h > +++ b/include/linux/proc_fs.h > @@ -118,6 +118,7 @@ struct pid_namespace; > > extern int pid_ns_prepare_proc(struct pid_namespace *ns); > extern void pid_ns_release_proc(struct pid_namespace *ns); > +extern int proc_pid_cmdline(struct task_struct *task, char *buffer); > > /* > * proc_tty.c > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 27ad9dd..7f2bf41 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -67,6 +67,7 @@ > #include > #include > #include > +#include > > #include "audit.h" > > @@ -1158,6 +1159,8 @@ static void audit_log_task_info(struct audit_buffer > *ab, struct task_struct *tsk > char name[sizeof(tsk->comm)]; > struct mm_struct *mm = tsk->mm; > struct vm_area_struct *vma; > + unsigned long page; > + int len; > > /* tsk == current */ 
> > @@ -1179,6 +1182,27 @@ static void audit_log_task_info(struct audit_buffer > *ab, struct task_struct *tsk > } > up_read(&mm->mmap_sem); > } > + > + /* Get the process cmdline */ > + page = __get_free_page(GFP_TEMPORARY); > + if (!page) > + goto out; > + > + len = proc_pid_cmdline(tsk, (char *)page); > + if (len <= 0) > + goto free; > + > + /* > + * Ensure NULL terminated! Application could > + * could be using setproctitle(3). > + */ > + ((char *)page)[len-1] = '\0'; > + > + audit_log_format(ab, " cmdline="); > + audit_log_untrustedstring(ab, (char *)page); > +free: > + free_page(page); > +out: > audit_log_task_context(ab); > } > > -- > 1.7.9.5

- RGB

--
Richard Guy Briggs
Senior Software Engineer
Kernel Security
AMER ENG Base Operating Systems
Remote, Ottawa, Canada
Voice: +1.647.777.2635
Internal: (81) 32635
Alt: +1.613.693.0684x3545
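
Review bot: In the fs/proc/base.c hunk, proc_pid_cmdline() drops `static` but keeps a signature with no buffer length, `int proc_pid_cmdline(struct task_struct *task, char *buffer)`, so any caller outside procfs has to know how large a buffer the function expects. The one new caller passes a whole page from __get_free_page(); state that requirement in a comment above the function, or add a length parameter, before turning it into a cross-subsystem interface.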
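
Review bot: The include/linux/proc_fs.h hunk adds only the declaration of proc_pid_cmdline(), with no fallback visible for kernels built without CONFIG_PROC_FS, and the new call in kernel/auditsc.c is not guarded either. The definition lives in fs/proc/base.c, which is built only when procfs is enabled, so an audit-enabled configuration without procfs will fail to build. Provide a static inline stub for the !CONFIG_PROC_FS case, or move the cmdline helper to code that does not depend on procfs.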
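
Review bot: In the last kernel/auditsc.c hunk, audit_log_untrustedstring(ab, (char *)page) takes a C string, so the cmdline= field stops at the first NUL in the buffer; a process command line normally has its arguments separated by NUL bytes, which means only the first argument will be logged. Since len is already known, pass it explicitly with audit_log_n_untrustedstring(), or convert the separators before logging. In the same hunk, `((char *)page)[len-1] = '\0';` overwrites the last byte returned instead of terminating after it, so an unterminated setproctitle(3) title loses its final character, and the comment above it has a doubled "could".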