[patch 1/2] audit: let userspace fully control TTY input auditing

Remove the code that automatically disables TTY input auditing in processes
that open TTYs when they have no other TTY open; this heuristic was
intended to automatically handle daemons, but it has false positives (e.g.
with sshd) that make it impossible to control TTY input auditing from a PAM
module.  With this patch, TTY input auditing is controlled from user-space
only.

On the other hand, not even for daemons does it make sense to audit "input"
from PTY masters; this data was produced by a program writing to the PTY
slave, and does not represent data entered by the user.

Signed-off-by: Miloslav Trmac <mitr@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Miloslav Trmac 2008-04-18 13:30:14 -07:00 committed by Al Viro
parent 7719e437fa
commit 41126226e1
3 changed files with 5 additions and 59 deletions

View file

@ -233,6 +233,10 @@ void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
if (unlikely(size == 0))
return;
if (tty->driver->type == TTY_DRIVER_TYPE_PTY
&& tty->driver->subtype == PTY_TYPE_MASTER)
return;
buf = tty_audit_buf_get(tty);
if (!buf)
return;
@ -295,53 +299,3 @@ void tty_audit_push(struct tty_struct *tty)
tty_audit_buf_put(buf);
}
}
/**
* tty_audit_opening - A TTY is being opened.
*
* As a special hack, tasks that close all their TTYs and open new ones
* are assumed to be system daemons (e.g. getty) and auditing is
* automatically disabled for them.
*/
void tty_audit_opening(void)
{
int disable;
disable = 1;
spin_lock_irq(&current->sighand->siglock);
if (current->signal->audit_tty == 0)
disable = 0;
spin_unlock_irq(&current->sighand->siglock);
if (!disable)
return;
task_lock(current);
if (current->files) {
struct fdtable *fdt;
unsigned i;
/*
* We don't take a ref to the file, so we must hold ->file_lock
* instead.
*/
spin_lock(&current->files->file_lock);
fdt = files_fdtable(current->files);
for (i = 0; i < fdt->max_fds; i++) {
struct file *filp;
filp = fcheck_files(current->files, i);
if (filp && is_tty(filp)) {
disable = 0;
break;
}
}
spin_unlock(&current->files->file_lock);
}
task_unlock(current);
if (!disable)
return;
spin_lock_irq(&current->sighand->siglock);
current->signal->audit_tty = 0;
spin_unlock_irq(&current->sighand->siglock);
}

View file

@ -2755,7 +2755,6 @@ got_driver:
__proc_set_tty(current, tty);
spin_unlock_irq(&current->sighand->siglock);
mutex_unlock(&tty_mutex);
tty_audit_opening();
return 0;
}
@ -2818,10 +2817,8 @@ static int ptmx_open(struct inode *inode, struct file *filp)
check_tty_count(tty, "tty_open");
retval = ptm_driver->open(tty, filp);
if (!retval) {
tty_audit_opening();
if (!retval)
return 0;
}
out1:
release_dev(filp);
return retval;

View file

@ -300,7 +300,6 @@ extern void tty_hangup(struct tty_struct * tty);
extern void tty_vhangup(struct tty_struct * tty);
extern void tty_unhangup(struct file *filp);
extern int tty_hung_up_p(struct file * filp);
extern int is_tty(struct file *filp);
extern void do_SAK(struct tty_struct *tty);
extern void __do_SAK(struct tty_struct *tty);
extern void disassociate_ctty(int priv);
@ -352,7 +351,6 @@ extern void tty_audit_exit(void);
extern void tty_audit_fork(struct signal_struct *sig);
extern void tty_audit_push(struct tty_struct *tty);
extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid);
extern void tty_audit_opening(void);
#else
static inline void tty_audit_add_data(struct tty_struct *tty,
unsigned char *data, size_t size)
@ -370,9 +368,6 @@ static inline void tty_audit_push(struct tty_struct *tty)
static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
{
}
static inline void tty_audit_opening(void)
{
}
#endif
/* tty_ioctl.c */