[PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record

kbuild test robot lkp at intel.com
Mon Mar 12 18:22:59 UTC 2018


Hi Richard,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v4.16-rc5 next-20180309]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
config: i386-tinyconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386 

Note: the linux-review/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527 HEAD 12e8c56bcd359f7d20d4ae011674d37bc832bc4c builds fine.
      It only hurts bisectability.

All errors (new ones prefixed by >>):

   fs/namei.c: In function 'may_follow_link':
>> fs/namei.c:929:2: error: too many arguments to function 'audit_log_link_denied'
     audit_log_link_denied("follow_link", &nd->stack[0].link);
     ^~~~~~~~~~~~~~~~~~~~~
   In file included from include/linux/fsnotify.h:16:0,
                    from fs/namei.c:25:
   include/linux/audit.h:196:20: note: declared here
    static inline void audit_log_link_denied(const char *string)
                       ^~~~~~~~~~~~~~~~~~~~~

vim +/audit_log_link_denied +929 fs/namei.c

800179c9b Kees Cook         2012-07-25  886  
800179c9b Kees Cook         2012-07-25  887  /**
800179c9b Kees Cook         2012-07-25  888   * may_follow_link - Check symlink following for unsafe situations
55852635a Randy Dunlap      2012-08-18  889   * @nd: nameidata pathwalk data
800179c9b Kees Cook         2012-07-25  890   *
800179c9b Kees Cook         2012-07-25  891   * In the case of the sysctl_protected_symlinks sysctl being enabled,
800179c9b Kees Cook         2012-07-25  892   * CAP_DAC_OVERRIDE needs to be specifically ignored if the symlink is
800179c9b Kees Cook         2012-07-25  893   * in a sticky world-writable directory. This is to protect privileged
800179c9b Kees Cook         2012-07-25  894   * processes from failing races against path names that may change out
800179c9b Kees Cook         2012-07-25  895   * from under them by way of other users creating malicious symlinks.
800179c9b Kees Cook         2012-07-25  896   * It will permit symlinks to be followed only when outside a sticky
800179c9b Kees Cook         2012-07-25  897   * world-writable directory, or when the uid of the symlink and follower
800179c9b Kees Cook         2012-07-25  898   * match, or when the directory owner matches the symlink's owner.
800179c9b Kees Cook         2012-07-25  899   *
800179c9b Kees Cook         2012-07-25  900   * Returns 0 if following the symlink is allowed, -ve on error.
800179c9b Kees Cook         2012-07-25  901   */
fec2fa24e Al Viro           2015-05-06  902  static inline int may_follow_link(struct nameidata *nd)
800179c9b Kees Cook         2012-07-25  903  {
800179c9b Kees Cook         2012-07-25  904  	const struct inode *inode;
800179c9b Kees Cook         2012-07-25  905  	const struct inode *parent;
2d7f9e2ad Seth Forshee      2016-04-26  906  	kuid_t puid;
800179c9b Kees Cook         2012-07-25  907  
800179c9b Kees Cook         2012-07-25  908  	if (!sysctl_protected_symlinks)
800179c9b Kees Cook         2012-07-25  909  		return 0;
800179c9b Kees Cook         2012-07-25  910  
800179c9b Kees Cook         2012-07-25  911  	/* Allowed if owner and follower match. */
fceef393a Al Viro           2015-12-29  912  	inode = nd->link_inode;
81abe27b1 Eric W. Biederman 2012-08-03  913  	if (uid_eq(current_cred()->fsuid, inode->i_uid))
800179c9b Kees Cook         2012-07-25  914  		return 0;
800179c9b Kees Cook         2012-07-25  915  
800179c9b Kees Cook         2012-07-25  916  	/* Allowed if parent directory not sticky and world-writable. */
aa65fa35b Al Viro           2015-08-04  917  	parent = nd->inode;
800179c9b Kees Cook         2012-07-25  918  	if ((parent->i_mode & (S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
800179c9b Kees Cook         2012-07-25  919  		return 0;
800179c9b Kees Cook         2012-07-25  920  
800179c9b Kees Cook         2012-07-25  921  	/* Allowed if parent directory and link owner match. */
2d7f9e2ad Seth Forshee      2016-04-26  922  	puid = parent->i_uid;
2d7f9e2ad Seth Forshee      2016-04-26  923  	if (uid_valid(puid) && uid_eq(puid, inode->i_uid))
800179c9b Kees Cook         2012-07-25  924  		return 0;
800179c9b Kees Cook         2012-07-25  925  
31956502d Al Viro           2015-05-07  926  	if (nd->flags & LOOKUP_RCU)
31956502d Al Viro           2015-05-07  927  		return -ECHILD;
31956502d Al Viro           2015-05-07  928  
1cf2665b5 Al Viro           2015-05-06 @929  	audit_log_link_denied("follow_link", &nd->stack[0].link);
800179c9b Kees Cook         2012-07-25  930  	return -EACCES;
800179c9b Kees Cook         2012-07-25  931  }
800179c9b Kees Cook         2012-07-25  932  

:::::: The code at line 929 was first introduced by commit
:::::: 1cf2665b5bdfc63185fb4a416bff54b14ad30c79 namei: kill nd->link

:::::: TO: Al Viro <viro at zeniv.linux.org.uk>
:::::: CC: Al Viro <viro at zeniv.linux.org.uk>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation