[PATCH] Fix remaining cases of direct logging of untrusted strings by avc_audit
Stephen Smalley
sds at tycho.nsa.gov
Wed May 25 14:08:03 UTC 2005
On Tue, 2005-05-24 at 21:30 +0100, David Woodhouse wrote:
> On Tue, 2005-05-24 at 14:18 -0400, Stephen Smalley wrote:
> > Note that d_name.name is nul-terminated by d_alloc()
>
> I wouldn't claim to be 100% convinced that it's always nul-terminated,
> but we were relying on that already so OK.
The fact that d_alloc always nul-terminates isn't sufficient for you?
You are concerned about manually constructed dentries outside of the
dcache?
FWIW, in addition to prior usage by avc_audit, there is other kernel
code that directly uses d_name.name as a string, e.g. as an argument for
a %s format string to printk.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list