Netlink Socket Problem

Chris Wright chrisw at osdl.org
Tue Mar 1 02:43:05 UTC 2005


* Steve Grubb (sgrubb at redhat.com) wrote:
> On Monday 28 February 2005 19:08, Timothy R. Chavez wrote:
> > Though I don't know what's going on here,
> 
> But can you / anyone confirm the problem? I just want to make sure it's not my 
> setup.

I can, I think the problem is it's sending to the wrong socket (i.e. the
first one bound).  It's not all that clear that you want to bind (esp.
with pid = 0) anyway.  Short-term fix may be to eliminate the bind() or
make another wrapper w/out bind().  This won't work if you ever have two
pending sendto()'s though.  Since there's an implicit bind there...

> > you could also just share auditd's netlink connection and have trusted
> > programs talk to auditd 
> 
> I don't even want to go there....added complexity, denial of service, 
> credential checking, etc. I'd rather spend time figuring out what's wrong in 
> the kernel or just opening and closing connections.

Plus, it's not the problem.  The issue is not that auditd has a socket
open as well as the auditctl program.  The issue is 100% confined to the
single instance of auditctl which did more than 1 bind().

Steve, can you see if this fixes it up for you?

thanks,
-chris
--

Send audit response to socket which request came from, rather than pid
that request came from.

Signed-off-by: Chris Wright <chrisw at osdl.org>

===== kernel/audit.c 1.9 vs edited =====
--- 1.9/kernel/audit.c	2005-01-30 22:33:47 -08:00
+++ edited/kernel/audit.c	2005-02-28 18:34:47 -08:00
@@ -360,7 +360,7 @@ static int audit_receive_msg(struct sk_b
 		status_set.backlog_limit = audit_backlog_limit;
 		status_set.lost		 = atomic_read(&audit_lost);
 		status_set.backlog	 = atomic_read(&audit_backlog);
-		audit_send_reply(pid, seq, AUDIT_GET, 0, 0,
+		audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,
 				 &status_set, sizeof(status_set));
 		break;
 	case AUDIT_SET:
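Review bot: In the AUDIT_GET case the reply destination is now spelled out as NETLINK_CB(skb).pid at the call site while the local `pid` stays in scope, so the function ends up with two values that both read as "pid" but mean different things (the requesting process versus the netlink socket the request arrived on). Consider reading NETLINK_CB(skb).pid once at the top of audit_receive_msg into a separately named local, with a one-line comment that replies are addressed to the sending socket, and using that local here. That also makes it easier to audit any other reply paths in this function that still pass `pid` and are not touched by this hunk.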
@@ -407,8 +407,8 @@ static int audit_receive_msg(struct sk_b
 		/* fallthrough */
 	case AUDIT_LIST:
 #ifdef CONFIG_AUDITSYSCALL
-		err = audit_receive_filter(nlh->nlmsg_type, pid, uid, seq,
-					   data);
+		err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
+					   uid, seq, data);
 #else
 		err = -EOPNOTSUPP;
 #endif
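Review bot: In the AUDIT_LIST path the second argument to audit_receive_filter changes from `pid` to NETLINK_CB(skb).pid, but the callee is not part of this patch, so it is not visible whether that argument is used only to address the reply. If audit_receive_filter also uses it to identify the requester (for logging or any check), it would now see the netlink socket id rather than the process id. Please confirm the callee treats it purely as a reply destination, or pass both values, and document the parameter's meaning at the callee.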



