diff options
author | Kees Cook <keescook@chromium.org> | 2012-01-07 10:41:04 -0800 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-01-17 16:17:03 -0500 |
commit | 41fdc3054e23e3229edea27053522fe052d02ec2 (patch) | |
tree | 00bb62aef2288df07eae059f344d11d32b004f69 /security/integrity/ima | |
parent | 5afb8a3f96573f7ea018abb768f5b6ebe1a6c1a4 (diff) |
audit: treat s_id as an untrusted string
The use of s_id should go through the untrusted string path, just to be
extra careful.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r-- | security/integrity/ima/ima_audit.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c index c5c5a72c30be..2ad942fb1e23 100644 --- a/security/integrity/ima/ima_audit.c +++ b/security/integrity/ima/ima_audit.c @@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, audit_log_format(ab, " name="); audit_log_untrustedstring(ab, fname); } - if (inode) - audit_log_format(ab, " dev=%s ino=%lu", - inode->i_sb->s_id, inode->i_ino); + if (inode) { + audit_log_format(ab, " dev="); + audit_log_untrustedstring(ab, inode->i_sb->s_id); + audit_log_format(ab, " ino=%lu", inode->i_ino); + } audit_log_format(ab, " res=%d", !result ? 0 : 1); audit_log_end(ab); } |