summaryrefslogtreecommitdiffstats
path: root/drivers/char/tty_audit.c
diff options
context:
space:
mode:
authorMiloslav Trmac <mitr@redhat.com>2008-04-18 13:30:14 -0700
committerAl Viro <viro@zeniv.linux.org.uk>2008-04-28 06:28:24 -0400
commit41126226e186d92a45ed664e546abb5204588359 (patch)
treecd31de9587e81b01934fe95e574be109dd0129c7 /drivers/char/tty_audit.c
parent7719e437fac119e57b17588bab3a8e39ff9d22eb (diff)
[patch 1/2] audit: let userspace fully control TTY input auditing
Remove the code that automatically disables TTY input auditing in processes that open TTYs when they have no other TTY open; this heuristic was intended to automatically handle daemons, but it has false positives (e.g. with sshd) that make it impossible to control TTY input auditing from a PAM module. With this patch, TTY input auditing is controlled from user-space only. On the other hand, not even for daemons does it make sense to audit "input" from PTY masters; this data was produced by a program writing to the PTY slave, and does not represent data entered by the user. Signed-off-by: Miloslav Trmac <mitr@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'drivers/char/tty_audit.c')
-rw-r--r--drivers/char/tty_audit.c54
1 files changed, 4 insertions, 50 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index caeedd12d49..6342b0534f4 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -233,6 +233,10 @@ void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
if (unlikely(size == 0))
return;
+ if (tty->driver->type == TTY_DRIVER_TYPE_PTY
+ && tty->driver->subtype == PTY_TYPE_MASTER)
+ return;
+
buf = tty_audit_buf_get(tty);
if (!buf)
return;
@@ -295,53 +299,3 @@ void tty_audit_push(struct tty_struct *tty)
tty_audit_buf_put(buf);
}
}
-
-/**
- * tty_audit_opening - A TTY is being opened.
- *
- * As a special hack, tasks that close all their TTYs and open new ones
- * are assumed to be system daemons (e.g. getty) and auditing is
- * automatically disabled for them.
- */
-void tty_audit_opening(void)
-{
- int disable;
-
- disable = 1;
- spin_lock_irq(&current->sighand->siglock);
- if (current->signal->audit_tty == 0)
- disable = 0;
- spin_unlock_irq(&current->sighand->siglock);
- if (!disable)
- return;
-
- task_lock(current);
- if (current->files) {
- struct fdtable *fdt;
- unsigned i;
-
- /*
- * We don't take a ref to the file, so we must hold ->file_lock
- * instead.
- */
- spin_lock(&current->files->file_lock);
- fdt = files_fdtable(current->files);
- for (i = 0; i < fdt->max_fds; i++) {
- struct file *filp;
-
- filp = fcheck_files(current->files, i);
- if (filp && is_tty(filp)) {
- disable = 0;
- break;
- }
- }
- spin_unlock(&current->files->file_lock);
- }
- task_unlock(current);
- if (!disable)
- return;
-
- spin_lock_irq(&current->sighand->siglock);
- current->signal->audit_tty = 0;
- spin_unlock_irq(&current->sighand->siglock);
-}