Vesa-Matti J Kari
1d6c9649e2
kernel/audit.c control character detection is off-by-one ...
Hello,
According to my understanding there is an off-by-one bug in the
function:
audit_string_contains_control()
in:
kernel/audit.c
Patch is included.
I do not know from how many places the function is called from, but for
example, SELinux Access Vector Cache tries to log untrusted filenames via
call path:
avc_audit()
audit_log_untrustedstring()
audit_log_n_untrustedstring()
audit_string_contains_control()
If audit_string_contains_control() detects control characters, then the
string is hex-encoded. But the hex=0x7f dec=127, DEL-character, is not
detected.
I guess this could have at least some minor security implications, since a
user can create a filename with 0x7f in it, causing logged filename to
possibly look different when someone reads it on the terminal.
Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2008-08-01 12:05:35 -04:00
2008-07-26 12:00:07 -07:00
2008-07-26 12:00:04 -07:00
2008-07-26 16:40:33 +02:00
2008-07-28 23:32:00 +02:00
2008-02-09 23:27:01 -08:00
2008-07-25 10:53:47 -07:00
2008-05-17 03:30:23 -04:00
2008-08-01 12:05:35 -04:00
2008-04-28 06:28:04 -04:00
2008-06-24 23:36:35 -04:00
2008-08-01 12:05:32 -04:00
2008-06-27 18:09:16 +02:00
2008-04-29 08:06:29 -07:00
2008-07-24 10:47:22 -07:00
2008-04-29 08:06:09 -07:00
2008-07-30 09:41:44 -07:00
2008-05-01 08:03:59 -07:00
2008-04-29 08:06:22 -07:00
2008-07-28 23:32:00 +02:00
2008-07-30 09:41:44 -07:00
2008-07-25 10:53:47 -07:00
2008-07-20 21:22:00 +02:00
2008-04-29 08:06:22 -07:00
2008-07-26 20:53:20 -04:00
2008-07-27 09:58:20 -07:00
2008-07-28 16:30:21 -07:00
2008-03-30 14:18:41 -07:00
2008-06-23 13:31:15 +02:00
2008-07-15 21:55:59 +02:00
2008-02-08 09:22:29 -08:00
2008-07-25 10:53:27 -07:00
2008-07-23 11:18:28 +02:00
2008-03-10 18:01:20 -07:00
2008-07-26 12:00:04 -07:00
2008-06-24 10:52:55 -05:00
2008-07-25 10:53:28 -07:00
2008-07-25 10:53:30 -07:00
2008-07-26 12:00:09 -07:00
2008-04-29 08:06:22 -07:00
2008-06-24 01:28:20 +02:00
2008-06-24 01:28:20 +02:00
2008-07-14 14:55:13 -07:00
2008-07-29 00:07:55 +02:00
2008-07-30 09:41:45 -07:00
2008-07-28 12:16:31 +10:00
2008-05-16 16:53:35 +02:00
2008-06-10 11:45:09 +02:00
2008-04-29 08:06:13 -07:00
2008-07-25 10:53:37 -07:00
2008-07-25 10:53:37 -07:00
2008-07-25 10:53:29 -07:00
2008-02-08 09:22:41 -08:00
2008-07-25 10:53:47 -07:00
2008-07-25 10:53:45 -07:00
2008-07-02 15:06:24 -06:00
2008-05-24 18:49:22 +02:00
2008-07-25 10:53:38 -07:00
2008-07-30 09:41:45 -07:00
2008-07-25 10:53:27 -07:00
2008-07-26 12:00:09 -07:00
2008-07-28 12:16:31 +10:00
2008-07-15 14:12:03 -07:00
2008-05-19 10:03:39 +02:00
2008-07-16 00:29:07 +02:00
2008-06-26 09:24:33 +02:00
2008-07-26 12:00:04 -07:00
2008-07-25 10:53:36 -07:00
2008-07-30 09:41:43 -07:00
2008-02-08 09:22:41 -08:00
2008-02-08 09:22:41 -08:00
2008-07-21 21:55:02 -07:00
2008-02-13 15:45:36 +01:00
2008-07-14 12:19:13 +02:00
2008-06-06 15:19:28 +02:00
2008-06-06 15:19:44 +02:00
2008-06-27 14:31:31 +02:00
2008-07-23 19:36:53 -07:00
2008-06-27 14:31:47 +02:00
2008-05-05 23:56:17 +02:00
2008-07-24 12:53:51 -07:00
2008-07-04 12:50:23 +02:00
2008-07-30 09:41:47 -07:00
2008-07-01 10:14:06 +02:00
2008-07-26 12:00:09 -07:00
2008-07-26 12:00:04 -07:00
2008-07-26 12:00:04 -07:00
2008-07-26 12:00:04 -07:00
2008-05-23 20:39:40 +02:00
2008-02-06 10:41:02 -08:00
2008-06-30 09:20:55 +02:00
2008-07-28 12:16:30 +10:00
2008-07-25 11:35:41 -07:00
2008-07-26 12:00:04 -07:00
2008-07-25 10:53:45 -07:00
2008-07-27 09:45:34 -07:00
2008-07-25 10:53:47 -07:00
2008-02-06 10:41:11 -08:00
2008-05-02 16:18:42 -07:00
2008-05-02 16:18:42 -07:00
2008-07-14 16:06:58 -07:00
2008-07-27 16:12:28 -07:00
2008-04-10 17:28:26 -07:00
2008-04-29 08:06:07 -07:00
2008-04-30 08:29:53 -07:00
2008-04-29 08:06:04 -07:00
2008-02-08 09:22:31 -08:00
2008-07-30 09:41:47 -07:00
1d6c9649e2