[PATCH 21/27] audit: Handle embedded NUL in TTY input auditing

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Alan Cox <alan@redhat.com>
To: torvalds@osdl.org, linux-kernel@vger.kernel.org,
	linux-serial@vger.kernel.org
Subject: [PATCH 21/27] audit: Handle embedded NUL in TTY input auditing
Date: Fri, 10 Oct 2008 11:50:47 +0100	[thread overview]
Message-ID: <20081010105042.31597.81024.stgit@localhost.localdomain> (raw)
In-Reply-To: <20081010103447.31597.42992.stgit@localhost.localdomain>

From: Miloslav Trmac <mitr@redhat.com>

Data read from a TTY can contain an embedded NUL byte (e.g. after
pressing Ctrl-2, or sent to a PTY).  After the previous patch, the data
would be logged only up to the first NUL.

This patch modifies the AUDIT_TTY record to always use the hexadecimal
format, which does not terminate at the first NUL byte.  The vast
majority of recorded TTY input data will contain either ' ' or '\n', so
the hexadecimal format would have been used anyway.

Signed-off-by: Miloslav Trmac <mitr@redhat.com>
Signed-off-by: Alan Cox <alan@redhat.com>
---

 drivers/char/tty_audit.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index 3582f43..5787249 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -93,7 +93,7 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
 		get_task_comm(name, tsk);
 		audit_log_untrustedstring(ab, name);
 		audit_log_format(ab, " data=");
-		audit_log_n_untrustedstring(ab, buf->data, buf->valid);
+		audit_log_n_hex(ab, buf->data, buf->valid);
 		audit_log_end(ab);
 	}
 	buf->valid = 0;

next prev parent reply	other threads:[~2008-10-10 10:54 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-10 10:36 [PATCH 00/27] First block of the tty backlog Alan Cox
2008-10-10 10:36 ` [PATCH 01/27] drivers/serial/crisv10.c: add missing put_tty_driver Alan Cox
2008-12-28 22:24   ` Should <linux/serial.h> define __u32? walt
2008-12-29  0:53     ` Alan Cox
2008-12-29 12:35     ` Mike Frysinger
2008-10-10 10:36 ` [PATCH 02/27] drivers/char/hvc_console.c: adjust call to put_tty_driver Alan Cox
2008-10-10 10:36 ` [PATCH 03/27] coldfire: scheduled SERIAL_COLDFIRE removal Alan Cox
2008-10-10 10:37 ` [PATCH 04/27] epca: call tty_port_init Alan Cox
2008-10-10 10:48 ` [PATCH 05/27] Blackfin Serial Driver: use __initdata for data, not __init Alan Cox
2008-10-10 10:48 ` [PATCH 06/27] Blackfin Serial Driver: Fix bug - should suspend/resume/remove all uart ports Alan Cox
2008-10-10 10:48 ` [PATCH 07/27] Blackfin Serial Driver: trim trailing whitespace -- no functional changes Alan Cox
2008-10-10 10:48 ` [PATCH 08/27] Blackfin Serial Driver: move common variables out of serial headers and into the serial driver Alan Cox
2008-10-10 10:48 ` [PATCH 09/27] Blackfin Serial Driver: Remove useless stop Alan Cox
2008-10-10 10:49 ` [PATCH 10/27] Blackfin Serial Driver: Fix bug - Don't call tx_stop in tx_transfer Alan Cox
2008-10-10 10:49 ` [PATCH 11/27] Blackfin Serial Driver: Fix bug - ircp fails on sir over Blackfin UART Alan Cox
2008-10-10 10:49 ` [PATCH 12/27] Blackfin Serial Driver: Fix bug - request UART2/3 peripheral mapped interrupts in PIO mode Alan Cox
2008-10-10 10:49 ` [PATCH 13/27] Fix oti6858 debug level Alan Cox
2008-10-10 10:49 ` [PATCH 14/27] Char: cyclades. remove bogus iomap Alan Cox
2008-10-10 10:49 ` [PATCH 15/27] Char: sx, fix io unmapping Alan Cox
2008-10-10 10:50 ` [PATCH 16/27] Char: merge ip2main and ip2base Alan Cox
2008-10-10 10:50 ` [PATCH 17/27] ip2, cleanup globals Alan Cox
2008-10-10 10:50 ` [PATCH 18/27] ip2, fix sparse warnings Alan Cox
2008-10-10 10:50 ` [PATCH 19/27] ip2, init/deinit cleanup Alan Cox
2008-10-10 10:50 ` [PATCH 20/27] ip2: avoid add_timer with pending timer Alan Cox
2008-10-10 10:50 ` Alan Cox [this message]
2008-10-10 10:50 ` [PATCH 22/27] serial: Make uart_port's ioport "unsigned long" Alan Cox
2008-10-10 12:54   ` Josh Boyer
2008-10-10 16:19     ` David Miller
2008-10-10 10:51 ` [PATCH 23/27] nozomi: Fix close on error Alan Cox
2008-10-10 10:51 ` [PATCH 24/27] serial-make-uart_ports-ioport-unsigned-long-fix Alan Cox
2008-10-10 10:51 ` [PATCH 25/27] usb: fix pl2303 initialization Alan Cox
2008-10-10 10:51 ` [PATCH 26/27] ftdi: A few errors are err() that should be debug which causes much spewage Alan Cox
2008-10-10 10:52 ` [PATCH 27/27] serial_8250: pci_enable_device fail is not fully handled Alan Cox

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3582f43 dfblob:5787249 )
 OR (
bs:"[PATCH 21/27] audit: Handle embedded NUL in TTY input auditing" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081010105042.31597.81024.stgit@localhost.localdomain \
    --to=alan@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-serial@vger.kernel.org \
    --cc=torvalds@osdl.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox