Netlink Socket Problem
Chris Wright
chrisw at osdl.org
Tue Mar 1 02:43:05 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> On Monday 28 February 2005 19:08, Timothy R. Chavez wrote:
> > Though I don't know what's going on here,
>
> But can you / anyone confirm the problem? I just want to make sure its not my
> setup.
I can, I think the problem it's sending to the wrong socket (i.e. the
first one bound). It's not all that clear that you want to bind (esp.
with pid = 0) anyway. Short-term fix may be to eliminate the bind() or
make another wrapper w/out bind(). This won't work if you ever have two
pending sendto()'s though. Since there's an implicit bind there...
> > you could also just share auditd's netlink connection and have trusted
> > programs talk to auditd
>
> I don't even want to go there....added complexity, denial of service,
> credential checking, etc. I'd rather spend time figuring out what's wrong in
> the kernel or just opening and closing connections.
Plus, it's not the problem. The issue is not that auditd has a socket
open as well as the auditctl program. The issue is 100% confined to the
single instance of audtictl which did more than 1 bind().
Steve, can you see if this fixes it up for you?
thanks,
-chris
--
Send audit repsonse to socket which request came from, rather than pid
that request came from.
Signed-off-by: Chris Wright <chrisw at osdl.org>
===== kernel/audit.c 1.9 vs edited =====
--- 1.9/kernel/audit.c 2005-01-30 22:33:47 -08:00
+++ edited/kernel/audit.c 2005-02-28 18:34:47 -08:00
@@ -360,7 +360,7 @@ static int audit_receive_msg(struct sk_b
status_set.backlog_limit = audit_backlog_limit;
status_set.lost = atomic_read(&audit_lost);
status_set.backlog = atomic_read(&audit_backlog);
- audit_send_reply(pid, seq, AUDIT_GET, 0, 0,
+ audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,
&status_set, sizeof(status_set));
break;
case AUDIT_SET:
@@ -407,8 +407,8 @@ static int audit_receive_msg(struct sk_b
/* fallthrough */
case AUDIT_LIST:
#ifdef CONFIG_AUDITSYSCALL
- err = audit_receive_filter(nlh->nlmsg_type, pid, uid, seq,
- data);
+ err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
+ uid, seq, data);
#else
err = -EOPNOTSUPP;
#endif
More information about the Linux-audit
mailing list