nlmsg_len in audit netlink messages going to userspace

Richard Guy Briggs rgb at redhat.com
Thu Dec 5 22:05:33 UTC 2013


Hi (primarily Eric and Steve),

In audit_log_end(), nlh->nlmsg_len is incorrectly set:
	nlh->nlmsg_len = ab->skb->len - NLMSG_HDRLEN;

Since this is a known bug and anticipated by userspace, we can't change
it without disrupting userspace or somehow synchronizing a fix between
the two.

The function audit_make_reply() also generates netlink messages for
userspace, indirectly called by audit_receive_msg() cases:
	AUDIT_GET
	AUDIT_SIGNAL_INFO
	AUDIT_TTY_GET
	AUDIT_LIST_RULES
	AUDIT_GET_FEATURE

It doesn't make the same nlmsg_len change above.

Should it, to be consistent, or does userspace already know about those
being correct?


The userspace->kernel direction has recently been updated to fix all the
cases, I think.


- RGB

--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
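
The following C sketch is an added illustration, not part of the original message and not kernel or audit userspace code. It contrasts the header-inclusive nlmsg_len that netlink normally uses with the audit_log_end() value quoted above, and shows what a receiver computes in each case. The helper names and the sample text are hypothetical, and it assumes one message per datagram.

```c
#include <linux/netlink.h>
#include <stdio.h>
#include <string.h>
#define HDR ((size_t)NLMSG_HDRLEN)

/* Constructed sample record text, not captured from a real system. */
static const char SAMPLE[] = "type=USER msg=audit(0.000:1): constructed sample";

/* Write header + text into buf and return the datagram size.
 * hdr_in_len != 0: nlmsg_len covers header and payload (netlink convention).
 * hdr_in_len == 0: nlmsg_len = total - NLMSG_HDRLEN, as in audit_log_end(). */
static size_t build_msg(char *buf, const char *text, int hdr_in_len)
{
    struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
    size_t plen = strlen(text);
    memset(buf, 0, HDR);
    memcpy(buf + HDR, text, plen);
    nlh->nlmsg_len = (__u32)(hdr_in_len ? HDR + plen : plen);
    return HDR + plen;
}

/* Payload size for a receiver that reads nlmsg_len as header-inclusive;
 * -1 if the field is shorter than a header or longer than the datagram. */
static long payload_from_header(const struct nlmsghdr *nlh, size_t recvd)
{
    if (nlh->nlmsg_len < HDR || nlh->nlmsg_len > recvd)
        return -1;
    return (long)(nlh->nlmsg_len - HDR);
}

/* Payload size from the datagram size alone (assumes one message per datagram). */
static long payload_from_recv(size_t recvd)
{
    return recvd < HDR ? -1 : (long)(recvd - HDR);
}

/* Build a message in either convention and measure it either way. */
static long measure(const char *text, int hdr_in_len, int trust_header)
{
    union { struct nlmsghdr h; char b[256]; } u; /* union keeps b aligned */
    if (strlen(text) > sizeof(u.b) - HDR)
        return -2;
    size_t recvd = build_msg(u.b, text, hdr_in_len);
    return trust_header ? payload_from_header(&u.h, recvd) : payload_from_recv(recvd);
}

int main(void)
{
    printf("%ld %ld %ld\n", measure(SAMPLE, 1, 1), measure(SAMPLE, 0, 1), measure(SAMPLE, 0, 0));
    return 0;
}
```

A receiver that trusts the field as header-inclusive loses the last NLMSG_HDRLEN bytes of a record built the audit_log_end() way, and rejects records whose payload is shorter than a header.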



