From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ingo Molnar <mingo@elte.hu>
Subject: Re: [PATCH] fs: hardlink creation restrictions
Date: Mon, 20 Feb 2012 09:22:23 +0100
Message-ID: <20120220082223.GF30810@elte.hu>
References: <20120218193857.GA30985@www.outflux.net>
 <20120219124916.GB25900@elte.hu>
 <CAGXu5jL-NZP9At16q-b6biszMAWQQ4HLzW3cHDQUf0m7PGwGbQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org, Randy Dunlap <rdunlap@xenotime.net>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	kernel-hardening@lists.openwall.com
To: Kees Cook <keescook@chromium.org>
Return-path: <linux-doc-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <CAGXu5jL-NZP9At16q-b6biszMAWQQ4HLzW3cHDQUf0m7PGwGbQ@mail.gmail.com>
Sender: linux-doc-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org


* Kees Cook <keescook@chromium.org> wrote:

> >> +#ifdef CONFIG_AUDIT
> >> + =A0 =A0 if (error) {
> >> + =A0 =A0 =A0 =A0 =A0 =A0 struct audit_buffer *ab;
> >> +
> >> + =A0 =A0 =A0 =A0 =A0 =A0 ab =3D audit_log_start(current->audit_co=
ntext,
> >> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0GFP_KERNEL, AUDIT_AVC);
> >> + =A0 =A0 =A0 =A0 =A0 =A0 audit_log_format(ab, "op=3Dlinkat action=
=3Ddenied");
> >> + =A0 =A0 =A0 =A0 =A0 =A0 audit_log_format(ab, " pid=3D%d comm=3D"=
, current->pid);
> >> + =A0 =A0 =A0 =A0 =A0 =A0 audit_log_untrustedstring(ab, current->c=
omm);
> >> + =A0 =A0 =A0 =A0 =A0 =A0 audit_log_d_path(ab, " path=3D", old_pat=
h);
> >> + =A0 =A0 =A0 =A0 =A0 =A0 audit_log_format(ab, " dev=3D");
> >> + =A0 =A0 =A0 =A0 =A0 =A0 audit_log_untrustedstring(ab, inode->i_s=
b->s_id);
> >> + =A0 =A0 =A0 =A0 =A0 =A0 audit_log_format(ab, " ino=3D%lu", inode=
->i_ino);
> >> + =A0 =A0 =A0 =A0 =A0 =A0 audit_log_end(ab);
> >> + =A0 =A0 }
> >> +#endif
> >
> > Small detail: don't these audit methods map to nothing on
> > !CONFIG_AUDIT, allowing the #ifdef to be dropped? (if not then
> > it should really be so.)
>=20
> Ah-ha; a more careful look at audit.h agrees. :) I'll adjust=20
> this as well.

Another detail, I'd also stick those logging lines into a=20
separate inline function right before the linkat function, so=20
that the logging details do not obscure the main flow of VFS=20
logic:

	if (error)
		audit_log_linkat_denied(current, old_path, inode);

=2E.. or so. People reading this function won't be interested in=20
the logging details 99.9% of the time.

Thanks,

	Ingo