review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Richard Guy Briggs <rgb@redhat.com>
	Wed, 10 Oct 2018 20:22:57 +0000 (16:22 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 1 Dec 2019 08:17:17 +0000 (09:17 +0100)
commit	3c69a033b416cdebf455787f51750e3ab0c12718
tree	a9b4b3a2e6e96cda41f93d1a6d5666503703e275	tree \| snapshot
parent	5dc441fbef91a8d05c0917942692d3c06d255e73	commit \| diff

audit: print empty EXECVE args

[ Upstream commit ea956d8be91edc702a98b7fe1f9463e7ca8c42ab ]

Empty executable arguments were being skipped when printing out the list
of arguments in an EXECVE record, making it appear they were somehow
lost. Include empty arguments as an itemized empty string.

Reproducer:
autrace /bin/ls "" "/etc"
ausearch --start recent -m execve -i | grep EXECVE
type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc

With fix:
type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc
type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc"

Passes audit-testsuite. GH issue tracker at
https://github.com/linux-audit/audit-kernel/issues/99

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: cleaned up the commit metadata]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>