Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / bdf4c48af20a3b0f01671799ace345e3d49576da
commitbdf4c48af20a3b0f01671799ace345e3d49576da[log] [tgz]
authorPeter Zijlstra <a.p.zijlstra@chello.nl>Thu Jul 19 01:48:15 2007 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>Thu Jul 19 10:04:45 2007 -0700
tree7c3b903d2de1cba6e212ad6f347bc8742b08035a
parentb111757c50ee30dad162192df6168e270a90c252 [diff]
audit: rework execve audit

The purpose of audit_bprm() is to log the argv array to a userspace daemon at
the end of the execve system call.  Since user-space hasn't had time to run,
this array is still in pristine state on the process' stack; so no need to
copy it, we can just grab it from there.

In order to minimize the damage to audit_log_*() copy each string into a
temporary kernel buffer first.

Currently the audit code requires that the full argument vector fits in a
single packet.  So currently it does clip the argv size to a (sysctl) limit,
but only when execve auditing is enabled.

If the audit protocol gets extended to allow for multiple packets this check
can be removed.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ollie Wild <aaw@google.com>
Cc: <linux-audit@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5 files changed
tree: 7c3b903d2de1cba6e212ad6f347bc8742b08035a
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. .mailmap
  20. COPYING
  21. CREDITS
  22. Kbuild
  23. MAINTAINERS
  24. Makefile
  25. README
  26. REPORTING-BUGS