Commit 1e641743 authored by Al Viro's avatar Al Viro Committed by James Morris

Audit: Log TIOCSTI

AUDIT_TTY records currently log all data read by processes marked for
TTY input auditing, even if the data was "pushed back" using the TIOCSTI
ioctl, not typed by the user.

This patch records all TIOCSTI calls to disambiguate the input.  It
generates one audit message per character pushed back; considering
TIOCSTI is used very rarely, this simple solution is probably good
enough.  (The only program I could find that uses TIOCSTI is mailx/nail
in "header editing" mode, e.g. using the ~h escape.  mailx is used very
rarely, and the escapes are used even rarer.)
Signed-Off-By: default avatarMiloslav Trmac <mitr@redhat.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 94d6a5f7
...@@ -67,37 +67,45 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf) ...@@ -67,37 +67,45 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf)
tty_audit_buf_free(buf); tty_audit_buf_free(buf);
} }
/** static void tty_audit_log(const char *description, struct task_struct *tsk,
* tty_audit_buf_push - Push buffered data out uid_t loginuid, unsigned sessionid, int major,
* int minor, unsigned char *data, size_t size)
* Generate an audit message from the contents of @buf, which is owned by
* @tsk with @loginuid. @buf->mutex must be locked.
*/
static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
unsigned int sessionid,
struct tty_audit_buf *buf)
{ {
struct audit_buffer *ab; struct audit_buffer *ab;
if (buf->valid == 0)
return;
if (audit_enabled == 0)
return;
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
if (ab) { if (ab) {
char name[sizeof(tsk->comm)]; char name[sizeof(tsk->comm)];
uid_t uid = task_uid(tsk); uid_t uid = task_uid(tsk);
audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u " audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u "
"major=%d minor=%d comm=", "major=%d minor=%d comm=", description,
tsk->pid, uid, loginuid, sessionid, tsk->pid, uid, loginuid, sessionid,
buf->major, buf->minor); major, minor);
get_task_comm(name, tsk); get_task_comm(name, tsk);
audit_log_untrustedstring(ab, name); audit_log_untrustedstring(ab, name);
audit_log_format(ab, " data="); audit_log_format(ab, " data=");
audit_log_n_hex(ab, buf->data, buf->valid); audit_log_n_hex(ab, data, size);
audit_log_end(ab); audit_log_end(ab);
} }
}
/**
* tty_audit_buf_push - Push buffered data out
*
* Generate an audit message from the contents of @buf, which is owned by
* @tsk with @loginuid. @buf->mutex must be locked.
*/
static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
unsigned int sessionid,
struct tty_audit_buf *buf)
{
if (buf->valid == 0)
return;
if (audit_enabled == 0)
return;
tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor,
buf->data, buf->valid);
buf->valid = 0; buf->valid = 0;
} }
...@@ -151,6 +159,42 @@ void tty_audit_fork(struct signal_struct *sig) ...@@ -151,6 +159,42 @@ void tty_audit_fork(struct signal_struct *sig)
sig->tty_audit_buf = NULL; sig->tty_audit_buf = NULL;
} }
/**
* tty_audit_tiocsti - Log TIOCSTI
*/
void tty_audit_tiocsti(struct tty_struct *tty, char ch)
{
struct tty_audit_buf *buf;
int major, minor, should_audit;
spin_lock_irq(&current->sighand->siglock);
should_audit = current->signal->audit_tty;
buf = current->signal->tty_audit_buf;
if (buf)
atomic_inc(&buf->count);
spin_unlock_irq(&current->sighand->siglock);
major = tty->driver->major;
minor = tty->driver->minor_start + tty->index;
if (buf) {
mutex_lock(&buf->mutex);
if (buf->major == major && buf->minor == minor)
tty_audit_buf_push_current(buf);
mutex_unlock(&buf->mutex);
tty_audit_buf_put(buf);
}
if (should_audit && audit_enabled) {
uid_t auid;
unsigned int sessionid;
auid = audit_get_loginuid(current);
sessionid = audit_get_sessionid(current);
tty_audit_log("ioctl=TIOCSTI", current, auid, sessionid, major,
minor, &ch, 1);
}
}
/** /**
* tty_audit_push_task - Flush task's pending audit data * tty_audit_push_task - Flush task's pending audit data
*/ */
......
...@@ -2018,6 +2018,7 @@ static int tiocsti(struct tty_struct *tty, char __user *p) ...@@ -2018,6 +2018,7 @@ static int tiocsti(struct tty_struct *tty, char __user *p)
return -EPERM; return -EPERM;
if (get_user(ch, p)) if (get_user(ch, p))
return -EFAULT; return -EFAULT;
tty_audit_tiocsti(tty, ch);
ld = tty_ldisc_ref_wait(tty); ld = tty_ldisc_ref_wait(tty);
ld->ops->receive_buf(tty, &ch, &mbz, 1); ld->ops->receive_buf(tty, &ch, &mbz, 1);
tty_ldisc_deref(ld); tty_ldisc_deref(ld);
......
...@@ -442,6 +442,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, ...@@ -442,6 +442,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
size_t size); size_t size);
extern void tty_audit_exit(void); extern void tty_audit_exit(void);
extern void tty_audit_fork(struct signal_struct *sig); extern void tty_audit_fork(struct signal_struct *sig);
extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
extern void tty_audit_push(struct tty_struct *tty); extern void tty_audit_push(struct tty_struct *tty);
extern void tty_audit_push_task(struct task_struct *tsk, extern void tty_audit_push_task(struct task_struct *tsk,
uid_t loginuid, u32 sessionid); uid_t loginuid, u32 sessionid);
...@@ -450,6 +451,9 @@ static inline void tty_audit_add_data(struct tty_struct *tty, ...@@ -450,6 +451,9 @@ static inline void tty_audit_add_data(struct tty_struct *tty,
unsigned char *data, size_t size) unsigned char *data, size_t size)
{ {
} }
static inline void tty_audit_tiocsti(struct tty_struct *tty, char ch)
{
}
static inline void tty_audit_exit(void) static inline void tty_audit_exit(void)
{ {
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment