Another slab size-32 leak 2.6.16-rc4-mm2
Stephan Mueller
smueller at atsec.com
Tue Feb 28 14:20:25 UTC 2006
Hi folks,
I reply to the discussion on the function audit_ipc_context() - as I just
subscribed, I do not have the right thread handle.
Before looking into the question, I looked at the thread. The function
audit_ipc_context(struct kern_ipc_perm *ipcp) you are talking about
implements oopses:
quite obvious I guess:
if (len < 0)
goto error_path;
[...]
ctx = kmalloc(len, GFP_ATOMIC);
if (!ctx)
goto error_path;
[...]
error_path:
kfree(ctx);
audit_panic("error in audit_ipc_context");
You free ctx although it has not been allocated - I do not like that ;-)
Other than that, let me see whether I can help you answering the questions.
Please tell me if I misunderstand anything: The question for you
is whether to keep this function. This function is about to collect labels
for IPC functions. If this function is gone, you cannot audit any labels for
the IPC functions any more?!
If this is the case, then this function needs to stay, because:
- syscalls msg*, sem*, shm* (except shmdt) do DAC checks - now, they also
perform MAC checks by calling appropriate SELinux hooks (as required by the
ST as IPC mechanisms are subject to MAC - I think shmdt now must also be
subject to MAC at least), then these syscalls must perform audit
- the audit requirement for IPC calls is specified in FAU_GEN.1.1 LSPP in the
table: "All decisions on requests for information flow" must be audited
- FAU_SAR.3 LSPP requires that subject and object sensitivity labels are to be
audited.
Ergo, the functionality in question must stay.
Ciao
Stephan
More information about the Linux-audit
mailing list