[PATCH] Fix remaining cases of direct logging of untrusted strings by avc_audit

Stephen Smalley sds at tycho.nsa.gov
Wed May 25 14:08:52 UTC 2005


On Tue, 2005-05-24 at 22:16 +0100, David Woodhouse wrote:
> On Tue, 2005-05-24 at 16:11 -0500, Klaus Weidner wrote:
> > > I wouldn't claim to be 100% convinced that it's always nul-terminated,
> > > but we were relying on that already so OK.
> > 
> > Good thing we're not trying to get certified at EAL7, this doesn't quite
> > meet "formally verified design" requirements ;-)
> 
> Heh, yeah. I do remember going through the code at one point for some
> reason and trying to convince myself it was always NUL-terminated. I
> _think_ it is, but I don't 100% recall my conclusion, or even why I was
> checking. Once upon a time it certainly wasn't, but now I think it is.
> 
> I wouldn't have introduced such an assumption without going through and
> checking for myself, but since we were already making that assumption
> I'm prepared to trust it for now.

Other option would be to change audit_log_untrustedstring() to take a
length parameter or provide a variant interface that takes one, and use
that to explicitly pass the length.

-- 
Stephen Smalley
National Security Agency
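
Added example, not part of the original message and not the kernel's audit code: a userspace sketch of the length-taking variant suggested above, which encodes exactly the bytes it is given instead of trusting NUL termination. The names log_untrusted_n and log_untrusted and the encoding rule (quoted when every byte is printable, hex otherwise) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace analogue of a length-taking logging helper.
 * Encodes exactly len bytes of buf into out: quoted if every byte is
 * printable ASCII other than space and '"', otherwise upper-case hex.
 * Never reads past buf[len - 1], so buf need not be NUL-terminated.
 * Returns the number of bytes written (excluding NUL), or -1 if out is too small. */
int log_untrusted_n(char *out, size_t outsz, const char *buf, size_t len)
{
    static const char hex[] = "0123456789ABCDEF";
    const unsigned char *p = (const unsigned char *)buf;
    size_t i;
    int plain = 1;

    for (i = 0; i < len; i++)
        if (p[i] < 0x21 || p[i] > 0x7e || p[i] == '"')
            plain = 0;
    /* Size checks are written so that neither len + 3 nor 2 * len + 1 can overflow. */
    if (plain ? (outsz < 3 || len > outsz - 3) : (outsz < 1 || len > (outsz - 1) / 2))
        return -1;
    if (plain) {
        out[0] = '"';
        memcpy(out + 1, buf, len);
        memcpy(out + 1 + len, "\"", 2);   /* closing quote plus NUL */
        return (int)(len + 2);
    }
    for (i = 0; i < len; i++) {
        out[2 * i] = hex[p[i] >> 4];
        out[2 * i + 1] = hex[p[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return (int)(2 * len);
}

/* Wrapper for callers that really do hold a NUL-terminated string. */
int log_untrusted(char *out, size_t outsz, const char *s)
{
    return log_untrusted_n(out, outsz, s, strlen(s));
}

int main(void)
{
    char out[32];
    const char field[4] = { 'e', 't', 'c', '\n' };   /* constructed sample, no NUL */
    if (log_untrusted_n(out, sizeof out, field, sizeof field) > 0)
        printf("name=%s\n", out);
    return 0;
}
```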
