OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ima: Call audit_log_string() rather than logging it untrusted 

The parameters passed to this logging function are all provided by
a privileged user and therefore we can call audit_log_string()
rather than audit_log_untrustedstring().

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Suggested-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Stefan Berger 2018-06-04 16:54:52 -04:00 committed by Mimi Zohar
parent 87ea584332
commit 8a3bcaf6ec
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/integrity/ima/ima_policy.c
View File

@ -663,7 +663,7 @@ static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value,
audit_log_format(ab, "%s<", key);
else
audit_log_format(ab, "%s=", key);
audit_log_untrustedstring(ab, value);
audit_log_string(ab, value);
audit_log_format(ab, " ");
}
static void ima_log_string(struct audit_buffer *ab, char *key, char *value)