On Thu, May 24, 2018 at 4:10 PM, Stefan Berger <stef...@linux.vnet.ibm.com> wrote: > The parameters passed to this logging function are all provided by > a privileged user and therefore we can call audit_log_string() > rather than audit_log_untrustedstring(). > > Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> > Suggested-by: Steve Grubb <sgr...@redhat.com> > --- > security/integrity/ima/ima_policy.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Paul Moore <p...@paul-moore.com> > diff --git a/security/integrity/ima/ima_policy.c > b/security/integrity/ima/ima_policy.c > index d89bebf85421..a823f11a3e6b 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -615,7 +615,7 @@ static void ima_log_string_op(struct audit_buffer *ab, > char *key, char *value, > audit_log_format(ab, "%s<", key); > else > audit_log_format(ab, "%s=", key); > - audit_log_untrustedstring(ab, value); > + audit_log_string(ab, value); > audit_log_format(ab, " "); > } > static void ima_log_string(struct audit_buffer *ab, char *key, char *value) > -- > 2.13.6 > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
