On Thu, May 24, 2018 at 4:10 PM, Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote: > The parameters passed to this logging function are all provided by > a privileged user and therefore we can call audit_log_string() > rather than audit_log_untrustedstring(). > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> > Suggested-by: Steve Grubb <sgrubb@xxxxxxxxxx> > --- > security/integrity/ima/ima_policy.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > index d89bebf85421..a823f11a3e6b 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -615,7 +615,7 @@ static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value, > audit_log_format(ab, "%s<", key); > else > audit_log_format(ab, "%s=", key); > - audit_log_untrustedstring(ab, value); > + audit_log_string(ab, value); > audit_log_format(ab, " "); > } > static void ima_log_string(struct audit_buffer *ab, char *key, char *value) > -- > 2.13.6 > > -- > Linux-audit mailing list > Linux-audit@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/linux-audit -- paul moore www.paul-moore.com
