releases/3.14.5/audit-convert-ppids-to-the-inital-pid-namespace.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From c92cdeb45eea38515e82187f48c2e4f435fb4e25 Mon Sep 17 00:00:00 2001
 From: Richard Guy Briggs <rgb@redhat.com>
 Date: Tue, 10 Dec 2013 22:10:41 -0500
 Subject: audit: convert PPIDs to the inital PID namespace.

 From: Richard Guy Briggs <rgb@redhat.com>

 commit c92cdeb45eea38515e82187f48c2e4f435fb4e25 upstream.

 sys_getppid() returns the parent pid of the current process in its own pid
 namespace.  Since audit filters are based in the init pid namespace, a process
 could avoid a filter or trigger an unintended one by being in an alternate pid
 namespace or log meaningless information.

 Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the
 init_pid_ns.

 (informed by ebiederman's 6c621b7e)
 Cc: Eric W. Biederman <ebiederm@xmission.com>
 Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  kernel/audit.c   |    4 ++--
  kernel/auditsc.c |    2 +-
  2 files changed, 3 insertions(+), 3 deletions(-)

 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@ -1829,10 +1829,10 @@ void audit_log_task_info(struct audit_bu
  	spin_unlock_irq(&tsk->sighand->siglock);

  	audit_log_format(ab,
 -			 " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
 +			 " ppid=%d pid=%d auid=%u uid=%u gid=%u"
  			 " euid=%u suid=%u fsuid=%u"
  			 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
 -			 sys_getppid(),
 +			 task_ppid_nr(tsk),
  			 tsk->pid,
  			 from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
  			 from_kuid(&init_user_ns, cred->uid),
 --- a/kernel/auditsc.c
 +++ b/kernel/auditsc.c
 @@ -459,7 +459,7 @@ static int audit_filter_rules(struct tas
  		case AUDIT_PPID:
  			if (ctx) {
  				if (!ctx->ppid)
 -					ctx->ppid = sys_getppid();
 +					ctx->ppid = task_ppid_nr(tsk);
  				result = audit_comparator(ctx->ppid, f->op, f->val);
  			}
  			break;
	From c92cdeb45eea38515e82187f48c2e4f435fb4e25 Mon Sep 17 00:00:00 2001
	From: Richard Guy Briggs <rgb@redhat.com>
	Date: Tue, 10 Dec 2013 22:10:41 -0500
	Subject: audit: convert PPIDs to the inital PID namespace.

	From: Richard Guy Briggs <rgb@redhat.com>

	commit c92cdeb45eea38515e82187f48c2e4f435fb4e25 upstream.

	sys_getppid() returns the parent pid of the current process in its own pid
	namespace. Since audit filters are based in the init pid namespace, a process
	could avoid a filter or trigger an unintended one by being in an alternate pid
	namespace or log meaningless information.

	Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the
	init_pid_ns.

	(informed by ebiederman's 6c621b7e)
	Cc: Eric W. Biederman <ebiederm@xmission.com>
	Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	kernel/audit.c \| 4 ++--
	kernel/auditsc.c \| 2 +-
	2 files changed, 3 insertions(+), 3 deletions(-)

	--- a/kernel/audit.c
	+++ b/kernel/audit.c
	@@ -1829,10 +1829,10 @@ void audit_log_task_info(struct audit_bu
	spin_unlock_irq(&tsk->sighand->siglock);

	audit_log_format(ab,
	- " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
	+ " ppid=%d pid=%d auid=%u uid=%u gid=%u"
	" euid=%u suid=%u fsuid=%u"
	" egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
	- sys_getppid(),
	+ task_ppid_nr(tsk),
	tsk->pid,
	from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
	from_kuid(&init_user_ns, cred->uid),
	--- a/kernel/auditsc.c
	+++ b/kernel/auditsc.c
	@@ -459,7 +459,7 @@ static int audit_filter_rules(struct tas
	case AUDIT_PPID:
	if (ctx) {
	if (!ctx->ppid)
	- ctx->ppid = sys_getppid();
	+ ctx->ppid = task_ppid_nr(tsk);
	result = audit_comparator(ctx->ppid, f->op, f->val);
	}
	break;