From: Ben Hutchings <ben.hutchings@codethink.co.uk>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org, Richard Guy Briggs <rgb@redhat.com>,
Paul Moore <paul@paul-moore.com>
Subject: Re: [PATCH 4.4 24/72] audit: add tty field to LOGIN event
Date: Mon, 14 May 2018 17:18:56 +0100 [thread overview]
Message-ID: <1526314736.9159.13.camel@codethink.co.uk> (raw)
In-Reply-To: <20180406084307.173351538@linuxfoundation.org>
On Fri, 2018-04-06 at 15:23 +0200, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Richard Guy Briggs <rgb@redhat.com>
>
> commit db0a6fb5d97afe01fd9c47d37c6daa82d4d4001d upstream.
[...]
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1976,6 +1976,7 @@ static void audit_log_set_loginuid(kuid_
> {
> struct audit_buffer *ab;
> uid_t uid, oldloginuid, loginuid;
> + struct tty_struct *tty;
>
> if (!audit_enabled)
> return;
> @@ -1983,14 +1984,17 @@ static void audit_log_set_loginuid(kuid_
> uid = from_kuid(&init_user_ns, task_uid(current));
> oldloginuid = from_kuid(&init_user_ns, koldloginuid);
> loginuid = from_kuid(&init_user_ns, kloginuid),
> + tty = audit_get_tty(current);
>
> ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
> if (!ab)
> return;
This error path leaks the tty ref. Fixed upstream by:
commit 76a658c20efd541a62838d9ff68ce94170d7a549
Author: Richard Guy Briggs <rgb@redhat.com>
Date: Tue Jun 28 12:06:58 2016 -0400
audit: move calcs after alloc and check when logging set loginuid
Ben.
> audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid);
> audit_log_task_context(ab);
> - audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d",
> - oldloginuid, loginuid, oldsessionid, sessionid, !rc);
> + audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",
> + oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",
> + oldsessionid, sessionid, !rc);
> + audit_put_tty(tty);
> audit_log_end(ab);
> }
>
--
Ben Hutchings
Software Developer, Codethink Ltd.
next prev parent reply other threads:[~2018-05-14 16:18 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-06 13:23 [PATCH 4.4 00/72] 4.4.127-stable review Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 01/72] mtd: jedec_probe: Fix crash in jedec_read_mfr() Greg Kroah-Hartman
2018-05-14 15:16 ` Ben Hutchings
2018-04-06 13:23 ` [PATCH 4.4 02/72] ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 03/72] ALSA: pcm: potential uninitialized return values Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 04/72] perf/hwbp: Simplify the perf-hwbp code, fix documentation Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 05/72] partitions/msdos: Unable to mount UFS 44bsd partitions Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 06/72] usb: gadget: define free_ep_req as universal function Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 07/72] usb: gadget: change len to size_t on alloc_ep_req() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 08/72] usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 09/72] usb: gadget: align buffer size when allocating for OUT endpoint Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 10/72] usb: gadget: f_hid: fix: Prevent accessing released memory Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 11/72] kprobes/x86: Fix to set RWX bits correctly before releasing trampoline Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 12/72] ACPI, PCI, irq: remove redundant check for null string pointer Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 13/72] writeback: fix the wrong congested state variable definition Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 14/72] PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 15/72] dm ioctl: remove double parentheses Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 16/72] Input: mousedev - fix implicit conversion warning Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 17/72] netfilter: nf_nat_h323: fix logical-not-parentheses warning Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 18/72] genirq: Use cpumask_available() for check of cpumask variable Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 19/72] cpumask: Add helper cpumask_available() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 20/72] selinux: Remove unnecessary check of array base in selinux_set_mapping() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 21/72] fs: compat: Remove warning from COMPATIBLE_IOCTL Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 22/72] jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 23/72] frv: declare jiffies to be located in the .data section Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 24/72] audit: add tty field to LOGIN event Greg Kroah-Hartman
2018-05-14 16:18 ` Ben Hutchings [this message]
2018-05-17 8:56 ` Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 25/72] tty: provide tty_name() even without CONFIG_TTY Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 26/72] netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 27/72] selinux: Remove redundant check for unknown labeling behavior Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 28/72] arm64: avoid overflow in VA_START and PAGE_OFFSET Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 29/72] xfrm_user: uncoditionally validate esn replay attribute struct Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 30/72] RDMA/ucma: Check AF family prior resolving address Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 31/72] RDMA/ucma: Fix use-after-free access in ucma_close Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 32/72] RDMA/ucma: Ensure that CM_ID exists prior to access it Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 33/72] RDMA/ucma: Check that device is connected " Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 34/72] RDMA/ucma: Check that device exists prior to accessing it Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 35/72] RDMA/ucma: Dont allow join attempts for unsupported AF family Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 36/72] RDMA/ucma: Introduce safer rdma_addr_size() variants Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 37/72] net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 38/72] xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 39/72] netfilter: bridge: ebt_among: add more missing match size checks Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 40/72] netfilter: x_tables: add and use xt_check_proc_name Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 41/72] Bluetooth: Fix missing encryption refresh on Security Request Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 42/72] llist: clang: introduce member_address_is_nonnull() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 43/72] scsi: virtio_scsi: always read VPD pages for multiqueue too Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 44/72] usb: dwc2: Improve gadget state disconnection handling Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 45/72] USB: serial: ftdi_sio: add RT Systems VX-8 cable Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 46/72] USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 47/72] USB: serial: cp210x: add ELDAT Easywave RX09 id Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 48/72] mei: remove dev_err message on an unsupported ioctl Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 49/72] media: usbtv: prevent double free in error case Greg Kroah-Hartman
2018-05-14 17:41 ` Ben Hutchings
2018-05-15 9:53 ` Oliver Neukum
2018-04-06 13:23 ` [PATCH 4.4 50/72] parport_pc: Add support for WCH CH382L PCI-E single parallel port card Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 51/72] crypto: ahash - Fix early termination in hash walk Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 52/72] crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 53/72] fs/proc: Stop trying to report thread stacks Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 54/72] staging: comedi: ni_mio_common: ack ai fifo error interrupts Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 55/72] Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 56/72] Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 57/72] vt: change SGR 21 to follow the standards Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.4 58/72] Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 59/72] ARM: dts: dra7: Add power hold and power controller properties to palmas Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 60/72] ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 61/72] md/raid10: reset the first at the end of loop Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 62/72] net: hns: Fix ethtool private flags Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 63/72] nospec: Move array_index_nospec() parameter checking into separate macro Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 64/72] nospec: Kill array_index_nospec_mask_check() Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 65/72] Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 66/72] Revert "ARM: dts: am335x-pepper: Fix the audio CODECs reset pin" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 67/72] Revert "ARM: dts: omap3-n900: " Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 68/72] Revert "cpufreq: Fix governor module removal race" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 69/72] Revert "mtip32xx: use runtime tag to initialize command header" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 70/72] spi: davinci: fix up dma_mapping_error() incorrect patch Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 71/72] net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.4 72/72] Revert "ip6_vti: adjust vti mtu according to mtu of lower device" Greg Kroah-Hartman
2018-04-06 16:25 ` [PATCH 4.4 00/72] 4.4.127-stable review Nathan Chancellor
2018-04-07 6:10 ` Greg Kroah-Hartman
2018-04-06 17:22 ` kernelci.org bot
2018-04-06 22:18 ` Shuah Khan
2018-04-07 6:46 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1526314736.9159.13.camel@codethink.co.uk \
--to=ben.hutchings@codethink.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=rgb@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).