summaryrefslogtreecommitdiffstats
path: root/include/linux/binfmts.h
diff options
context:
space:
mode:
authorPeter Zijlstra <a.p.zijlstra@chello.nl>2007-07-19 01:48:15 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-19 10:04:45 -0700
commitbdf4c48af20a3b0f01671799ace345e3d49576da (patch)
tree7c3b903d2de1cba6e212ad6f347bc8742b08035a /include/linux/binfmts.h
parentb111757c50ee30dad162192df6168e270a90c252 (diff)
downloadop-kernel-dev-bdf4c48af20a3b0f01671799ace345e3d49576da.zip
op-kernel-dev-bdf4c48af20a3b0f01671799ace345e3d49576da.tar.gz
audit: rework execve audit
The purpose of audit_bprm() is to log the argv array to a userspace daemon at the end of the execve system call. Since user-space hasn't had time to run, this array is still in pristine state on the process' stack; so no need to copy it, we can just grab it from there. In order to minimize the damage to audit_log_*() copy each string into a temporary kernel buffer first. Currently the audit code requires that the full argument vector fits in a single packet. So currently it does clip the argv size to a (sysctl) limit, but only when execve auditing is enabled. If the audit protocol gets extended to allow for multiple packets this check can be removed. Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Ollie Wild <aaw@google.com> Cc: <linux-audit@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include/linux/binfmts.h')
-rw-r--r--include/linux/binfmts.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index e1a7083..a0b209c 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -40,6 +40,7 @@ struct linux_binprm{
unsigned interp_flags;
unsigned interp_data;
unsigned long loader, exec;
+ unsigned long argv_len;
};
#define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
OpenPOWER on IntegriCloud