<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/kernel/auditsc.c, branch v2.6.12.4</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/kernel/auditsc.c?h=v2.6.12.4</id>
<link rel='self' href='https://git.amat.us/linux/atom/kernel/auditsc.c?h=v2.6.12.4'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2005-04-29T16:30:07Z</updated>
<entry>
<title>[AUDIT] LOGIN message credentials</title>
<updated>2005-04-29T16:30:07Z</updated>
<author>
<name>Steve Grubb</name>
<email>sgrubb@redhat.com</email>
</author>
<published>2005-04-29T16:30:07Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=456be6cd90dbbb9b0ea01d56932d56d110d51cf7'/>
<id>urn:sha1:456be6cd90dbbb9b0ea01d56932d56d110d51cf7</id>
<content type='text'>
Attached is a new patch that solves the issue of getting valid credentials 
into the LOGIN message. The current code was assuming that the audit context 
had already been copied. This is not always the case for LOGIN messages.

To solve the problem, the patch passes the task struct to the function that 
emits the message where it can get valid credentials.

Signed-off-by: Steve Grubb &lt;sgrubb@redhat.com&gt;
Signed-off-by: David Woodhouse &lt;dwmw2@infradead.org&gt;
</content>
</entry>
<entry>
<title>Add audit uid to netlink credentials</title>
<updated>2005-04-29T15:27:17Z</updated>
<author>
<name>Serge Hallyn</name>
<email>serue@us.ibm.com</email>
</author>
<published>2005-04-29T15:27:17Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=c94c257c88c517f251da273a15c654224c7b6e21'/>
<id>urn:sha1:c94c257c88c517f251da273a15c654224c7b6e21</id>
<content type='text'>
Most audit control messages are sent over netlink. In order to properly
log the identity of the sender of audit control messages, we would like
to add the loginuid to the netlink_creds structure, as per the attached
patch.

Signed-off-by: Serge Hallyn &lt;serue@us.ibm.com&gt;
Signed-off-by: David Woodhouse &lt;dwmw2@infradead.org&gt;
</content>
</entry>
<entry>
<title>audit: update pointer to userspace tools, remove emacs mode tags</title>
<updated>2005-04-29T15:23:29Z</updated>
<author>
<name></name>
<email>dwmw2@shinybook.infradead.org</email>
</author>
<published>2005-04-29T15:23:29Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=85c8721ff3bc96b702427a440616079e8daf8a2f'/>
<id>urn:sha1:85c8721ff3bc96b702427a440616079e8daf8a2f</id>
<content type='text'>
</content>
</entry>
<entry>
<title>[AUDIT] Fix signedness of 'serial' in various routines.</title>
<updated>2005-04-29T15:09:52Z</updated>
<author>
<name>Steve Grubb</name>
<email>sgrubb@redhat.com</email>
</author>
<published>2005-04-29T15:09:52Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=d812ddbb89e323d054a7d073466225966c8350c8'/>
<id>urn:sha1:d812ddbb89e323d054a7d073466225966c8350c8</id>
<content type='text'>
Attached is a patch that corrects a signed/unsigned warning. I also noticed
that we needlessly init serial to 0. That only needs to occur if the kernel
was compiled without the audit system.

-Steve Grubb

Signed-off-by: David Woodhouse &lt;dwmw2@infradead.org&gt;
</content>
</entry>
<entry>
<title>[AUDIT] Don't allow ptrace to fool auditing, log arch of audited syscalls.</title>
<updated>2005-04-29T15:08:28Z</updated>
<author>
<name></name>
<email>dwmw2@shinybook.infradead.org</email>
</author>
<published>2005-04-29T15:08:28Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=2fd6f58ba6efc82ea2c9c2630f7ff5ed9eeaf34a'/>
<id>urn:sha1:2fd6f58ba6efc82ea2c9c2630f7ff5ed9eeaf34a</id>
<content type='text'>
We were calling ptrace_notify() after auditing the syscall and arguments,
but the debugger could have _changed_ them before the syscall was actually
invoked. Reorder the calls to fix that.

While we're touching every call to audit_syscall_entry(), we also make it
take an extra argument: the architecture of the syscall which was made,
because some architectures allow more than one type of syscall.

Also add an explicit success/failure flag to audit_syscall_exit(), for
the benefit of architectures which return that in a condition register
rather than only returning a single register.

Change type of syscall return value to 'long' not 'int'.

Signed-off-by: David Woodhouse &lt;dwmw2@infradead.org&gt;
</content>
</entry>
<entry>
<title>AUDIT: Avoid log pollution by untrusted strings.</title>
<updated>2005-04-29T14:54:44Z</updated>
<author>
<name></name>
<email>dwmw2@shinybook.infradead.org</email>
</author>
<published>2005-04-29T14:54:44Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=83c7d09173fdb6b06b109e65895392db3e49ac9c'/>
<id>urn:sha1:83c7d09173fdb6b06b109e65895392db3e49ac9c</id>
<content type='text'>
We log strings from userspace, such as arguments to open(). These could
be formatted to contain \n followed by fake audit log entries. Provide
a function for logging such strings, which gives a hex dump when the
string contains anything but basic printable ASCII characters. Use it
for logging filenames.

Signed-off-by: David Woodhouse &lt;dwmw2@infradead.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] SELinux: fix deadlock on dcache lock</title>
<updated>2005-04-18T17:47:35Z</updated>
<author>
<name>Stephen Smalley</name>
<email>sds@tycho.nsa.gov</email>
</author>
<published>2005-04-18T17:47:35Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=219f0817038cabc722968e914490adf6b686499e'/>
<id>urn:sha1:219f0817038cabc722968e914490adf6b686499e</id>
<content type='text'>
This fixes a deadlock on the dcache lock detected during testing at IBM
by moving the logging of the current executable information from the
SELinux avc_audit function to audit_log_exit (via an audit_log_task_info
helper) for processing upon syscall exit. 

For consistency, the patch also removes the logging of other
task-related information from avc_audit, deferring handling to
audit_log_exit instead. 

This allows simplification of the avc_audit code, allows the exe
information to be obtained more reliably, always includes the comm
information (useful for scripts), and avoids including bogus task
information for checks performed from irq or softirq. 

Signed-off-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by:  James Morris &lt;jmorris@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>Linux-2.6.12-rc2</title>
<updated>2005-04-16T22:20:36Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@ppc970.osdl.org</email>
</author>
<published>2005-04-16T22:20:36Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2'/>
<id>urn:sha1:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2</id>
<content type='text'>
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!
</content>
</entry>
</feed>
