Closed rgbriggs closed 3 years ago
Upstreamed 2020-03-12 for 5.6-rc1 1320a4052ea1
NULL pointer dereference reported by bauen1:
Reproducer:
Mitigated by: ghak96 commit d7481b24b816 ("audit: issue CWD record to accompany LSM_AUDITDATA* records")
Code audit still needed to check all other records generated from audit_log_exit().
v2 reverted from audit/stable-5.8 and audit-pr-20200729 https://www.redhat.com/archives/linux-audit/2020-July/msg00144.html 8ac68dc455d9 revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present") https://www.redhat.com/archives/linux-audit/2020-July/msg00170.html
v5.7-rc1 1320a4052ea1 audit: trigger accompanying records when no rules present v5.9-rc1 d7481b24b816 audit: issue CWD record to accompany LSM_AUDITDATA* records v5.8 8ac68dc455d9 revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present") audit/next 6d915476e67d audit: trigger accompanying records when no rules present
On 2020-12-16 18:28, Paul Moore wrote:
Reopened #120.
I was going to say... It isn't in Linus' tree yet, which is why I didn't ask to have it closed yet. :-)
Yes, I was on a bit of a roll closing out issues and this was a case of my finger clicking on the "Close" button while my mind was still reading the last update :)
In v5.11-rc1 2020-12-27, in v5.11 2021-02-14
When there are no audit rules registered, mandatory records (config, etc.) are missing their accompanying records (syscall, proctitle, etc.).
This is due to audit context dummy set on syscall entry based on absence of rules that signals that no other records are to be printed.