linux-audit.redhat.com archive mirror
* [PATCH] audit: don't generate loginuid log when audit disabled
@ 2013-10-31  8:52 Gao feng
  2013-10-31 14:50 ` Steve Grubb
  0 siblings, 1 reply; 7+ messages in thread
From: Gao feng @ 2013-10-31  8:52 UTC (permalink / raw)
  To: linux-audit; +Cc: rgb

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 kernel/auditsc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 065c7a1..92d0e92 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
 	struct audit_buffer *ab;
 	uid_t uid, ologinuid, nloginuid;
 
+	if (audit_enabled == AUDIT_OFF)
+		return;
+
 	uid = from_kuid(&init_user_ns, task_uid(current));
 	ologinuid = from_kuid(&init_user_ns, koldloginuid);
 	nloginuid = from_kuid(&init_user_ns, kloginuid),
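
Review bot: the new `if (audit_enabled == AUDIT_OFF)` return at the top of audit_log_set_loginuid() arrives with an empty changelog (the message is only a Signed-off-by), so nothing records that the intent is to skip the log record rather than to stop loginuid from being set. Add a sentence or two to the commit message saying so, and state the consequence: a loginuid change made while audit is off leaves no record once auditing is turned back on. A one-line comment above the check would make the same point for readers of the function.
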
-- 
1.8.3.1


* Re: [PATCH] audit: don't generate loginuid log when audit disabled
  2013-10-31  8:52 Gao feng
@ 2013-10-31 14:50 ` Steve Grubb
  2013-11-01  0:55   ` Gao feng
  0 siblings, 1 reply; 7+ messages in thread
From: Steve Grubb @ 2013-10-31 14:50 UTC (permalink / raw)
  To: linux-audit; +Cc: rgb

On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
>  kernel/auditsc.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 065c7a1..92d0e92 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
>  	uid_t uid, ologinuid, nloginuid;
> 
> +	if (audit_enabled == AUDIT_OFF)
> +		return;
> +
>  	uid = from_kuid(&init_user_ns, task_uid(current));
>  	ologinuid = from_kuid(&init_user_ns, koldloginuid);
>  	nloginuid = from_kuid(&init_user_ns, kloginuid),

Are you wanting to avoid the audit event or prevent the use of 
loginuid/sessionid when audit is disabled? What if we shut down auditd (which 
could disable auditing), someone logs in, and we restart auditd? Wouldn't 
their context not have the correct credentials? What about non-audit users of 
this information?

-Steve


* Re: [PATCH] audit: don't generate loginuid log when audit disabled
  2013-10-31 14:50 ` Steve Grubb
@ 2013-11-01  0:55   ` Gao feng
  2013-11-01  1:15     ` Steve Grubb
  0 siblings, 1 reply; 7+ messages in thread
From: Gao feng @ 2013-11-01  0:55 UTC (permalink / raw)
  To: Steve Grubb; +Cc: rgb, linux-audit

On 10/31/2013 10:50 PM, Steve Grubb wrote:
> On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
>> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
>> ---
>>  kernel/auditsc.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
>> index 065c7a1..92d0e92 100644
>> --- a/kernel/auditsc.c
>> +++ b/kernel/auditsc.c
>> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
>> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
>>  	uid_t uid, ologinuid, nloginuid;
>>
>> +	if (audit_enabled == AUDIT_OFF)
>> +		return;
>> +
>>  	uid = from_kuid(&init_user_ns, task_uid(current));
>>  	ologinuid = from_kuid(&init_user_ns, koldloginuid);
>>  	nloginuid = from_kuid(&init_user_ns, kloginuid),
> 
> Are you wanting to avoid the audit event or prevent the use of 
> loginuid/sessionid when audit is disabled? What if we shutdown auditd (which 
> could disable auditing), someone logs in, and we restart auditd? Wouldn't 
> their context not have the correct credentials? What about non audit users of 
> this information?
> 

audit_log_set_loginuid is just used to log the setting loginuid message.
This patch will prevent this message from being generated when audit is disabled;
we can still set/use loginuid.

Anything I missed?

Thanks
Gao


* Re: [PATCH] audit: don't generate loginuid log when audit disabled
  2013-11-01  0:55   ` Gao feng
@ 2013-11-01  1:15     ` Steve Grubb
  0 siblings, 0 replies; 7+ messages in thread
From: Steve Grubb @ 2013-11-01  1:15 UTC (permalink / raw)
  To: Gao feng; +Cc: rgb, linux-audit

On Friday, November 01, 2013 08:55:03 AM Gao feng wrote:
> On 10/31/2013 10:50 PM, Steve Grubb wrote:
> > On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
> >> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> >> ---
> >> 
> >>  kernel/auditsc.c | 3 +++
> >>  1 file changed, 3 insertions(+)
> >> 
> >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> >> index 065c7a1..92d0e92 100644
> >> --- a/kernel/auditsc.c
> >> +++ b/kernel/auditsc.c
> >> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
> >> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
> >> 
> >>  	uid_t uid, ologinuid, nloginuid;
> >> 
> >> +	if (audit_enabled == AUDIT_OFF)
> >> +		return;
> >> +
> >> 
> >>  	uid = from_kuid(&init_user_ns, task_uid(current));
> >>  	ologinuid = from_kuid(&init_user_ns, koldloginuid);
> >>  	nloginuid = from_kuid(&init_user_ns, kloginuid),
> > 
> > Are you wanting to avoid the audit event or prevent the use of
> > loginuid/sessionid when audit is disabled? What if we shutdown auditd
> > (which could disable auditing), someone logs in, and we restart auditd?
> > Wouldn't their context not have the correct credentials? What about non
> > audit users of this information?
> 
> audit_log_set_loginuid is just used to log the setting loginuid message.
> this patch will prevent this message being generated when audit is disabled,
> we can still set/use loginuid.

OK, good. The version of that function I looked at sets the value (3.11 
kernel). So, I wanted to make sure we are still able to set the value.

-Steve


* [PATCH] audit: don't generate loginuid log when audit disabled
@ 2014-03-03 22:30 Richard Guy Briggs
  2014-03-03 22:49 ` Greg KH
  0 siblings, 1 reply; 7+ messages in thread
From: Richard Guy Briggs @ 2014-03-03 22:30 UTC (permalink / raw)
  To: stable, linux-kernel, linux-audit
  Cc: Gao feng, eparis, sgrubb, Richard Guy Briggs

From: Gao feng <gaofeng@cn.fujitsu.com>

If audit is disabled, we shouldn't generate loginuid audit
log.

Cc: stable@vger.kernel.org # v3.13-rc1
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
---

Already upstream in 3.14-rc1.  This fixes a bug introduced by:
	da0a6104 audit: loginuid functions coding style


 kernel/auditsc.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index df1e685..9ab02fa 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1971,6 +1971,9 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
 	struct audit_buffer *ab;
 	uid_t uid, ologinuid, nloginuid;
 
+	if (!audit_enabled)
+		return;
+
 	uid = from_kuid(&init_user_ns, task_uid(current));
 	ologinuid = from_kuid(&init_user_ns, koldloginuid);
 	nloginuid = from_kuid(&init_user_ns, kloginuid),
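
Review bot: the `if (!audit_enabled)` early return is described as fixing a bug introduced by da0a6104, but that reference sits below the `---` line and is dropped when the patch is applied, so the committed changelog will not say which change this corrects. Move the reference into the changelog proper, and for a stable submission include the upstream commit id alongside "Already upstream in 3.14-rc1". The changelog could also say that only the log record is skipped, since the visible lines of the function do nothing but convert uids for that record.
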
-- 
1.7.1


* Re: [PATCH] audit: don't generate loginuid log when audit disabled
  2014-03-03 22:30 [PATCH] audit: don't generate loginuid log when audit disabled Richard Guy Briggs
@ 2014-03-03 22:49 ` Greg KH
  2014-03-03 22:51   ` Richard Guy Briggs
  0 siblings, 1 reply; 7+ messages in thread
From: Greg KH @ 2014-03-03 22:49 UTC (permalink / raw)
  To: Richard Guy Briggs; +Cc: linux-kernel, linux-audit, stable

On Mon, Mar 03, 2014 at 05:30:50PM -0500, Richard Guy Briggs wrote:
> From: Gao feng <gaofeng@cn.fujitsu.com>
> 
> If audit is disabled, we shouldn't generate loginuid audit
> log.
> 
> Cc: stable@vger.kernel.org # v3.13-rc1
> Acked-by: Eric Paris <eparis@redhat.com>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> Signed-off-by: Eric Paris <eparis@redhat.com>
> ---
> 
> Already upstream in 3.14-rc1.  This fixes a bug introduced by:
> 	da0a6104 audit: loginuid functions coding style

What is the git id of the patch in Linus's tree?

thanks,

greg k-h


* Re: [PATCH] audit: don't generate loginuid log when audit disabled
  2014-03-03 22:49 ` Greg KH
@ 2014-03-03 22:51   ` Richard Guy Briggs
  0 siblings, 0 replies; 7+ messages in thread
From: Richard Guy Briggs @ 2014-03-03 22:51 UTC (permalink / raw)
  To: Greg KH; +Cc: stable, linux-kernel, linux-audit, Gao feng, eparis, sgrubb

On 14/03/03, Greg KH wrote:
> On Mon, Mar 03, 2014 at 05:30:50PM -0500, Richard Guy Briggs wrote:
> > From: Gao feng <gaofeng@cn.fujitsu.com>
> > 
> > If audit is disabled, we shouldn't generate loginuid audit
> > log.
> > 
> > Cc: stable@vger.kernel.org # v3.13-rc1
> > Acked-by: Eric Paris <eparis@redhat.com>
> > Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > Signed-off-by: Eric Paris <eparis@redhat.com>
> > ---
> > 
> > Already upstream in 3.14-rc1.  This fixes a bug introduced by:
> > 	da0a6104 audit: loginuid functions coding style
> 
> What is the git id of the patch in Linus's tree?

Sorry, here you go: c2412d9

> greg k-h

- RGB

--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
