[3.8.y.z extended stable] Patch "audit: printk USER_AVC messages when audit isn't enabled" has been added to staging queue

Mon, 09 Dec 2013 05:35:38 -0800 

This is a note to let you know that I have just added a patch titled

    audit: printk USER_AVC messages when audit isn't enabled

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.14.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 413f7cab725f1afa8c51f638fa4d335fc64beb14 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhi...@canonical.com>
Date: Thu, 25 Jul 2013 18:02:55 -0700
Subject: audit: printk USER_AVC messages when audit isn't enabled

commit 0868a5e150bc4c47e7a003367cd755811eb41e0b upstream.

When the audit=1 kernel parameter is absent and auditd is not running,
AUDIT_USER_AVC messages are being silently discarded.

AUDIT_USER_AVC messages should be sent to userspace using printk(), as
mentioned in the commit message of 4a4cd633 ("AUDIT: Optimise the
audit-disabled case for discarding user messages").

When audit_enabled is 0, audit_receive_msg() discards all user messages
except for AUDIT_USER_AVC messages. However, audit_log_common_recv_msg()
refuses to allocate an audit_buffer if audit_enabled is 0. The fix is to
special case AUDIT_USER_AVC messages in both functions.

It looks like commit 50397bd1 ("[AUDIT] clean up audit_receive_msg()")
introduced this bug.

Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: Eric Paris <epa...@redhat.com>
Cc: linux-audit@redhat.com
Acked-by: Kees Cook <keesc...@chromium.org>
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
Signed-off-by: Eric Paris <epa...@redhat.com>
Signed-off-by: Kamal Mostafa <ka...@canonical.com>
---
 kernel/audit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 8a667f10..1da9782 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -615,7 +615,7 @@ static int audit_log_common_recv_msg(struct audit_buffer 
**ab, u16 msg_type,
        char *ctx = NULL;
        u32 len;

-       if (!audit_enabled) {
+       if (!audit_enabled && msg_type != AUDIT_USER_AVC) {
                *ab = NULL;
                return rc;
        }
--
1.8.3.2

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to