projects / linux-2.6-microblaze.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6510223) | patch
audit: print empty EXECVE args
authorRichard Guy Briggs <rgb@redhat.com>
Wed, 10 Oct 2018 20:22:57 +0000 (16:22 -0400)
committerPaul Moore <paul@paul-moore.com>
Mon, 5 Nov 2018 21:41:49 +0000 (16:41 -0500)
commitea956d8be91edc702a98b7fe1f9463e7ca8c42ab
tree3d5c7285a6f09c1338e22aab211afb91ddc0eba2tree | snapshot
parent651022382c7f8da46cb4872a545ee1da6d097d2acommit | diff
audit: print empty EXECVE args

Empty executable arguments were being skipped when printing out the list
of arguments in an EXECVE record, making it appear they were somehow
lost.  Include empty arguments as an itemized empty string.

Reproducer:
autrace /bin/ls "" "/etc"
ausearch --start recent -m execve -i | grep EXECVE
type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc

With fix:
type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc
type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc"

Passes audit-testsuite.  GH issue tracker at
https://github.com/linux-audit/audit-kernel/issues/99

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: cleaned up the commit metadata]
Signed-off-by: Paul Moore <paul@paul-moore.com>
kernel/auditsc.c diff | blob | history
MicroBlaze GIT Repository