Fix security_bprm_committed_creds hook

security_bprm_committed_creds does not return any value (void). LKRG's old logic for handling exec* family verified return code. This is an incorrect behavior for the current design. Fix it.
lkrg-org · Jan 20, 2021 · e43d2dd · e43d2dd
1 parent 1a72c11
commit e43d2dd
Showing 1 changed file with 5 additions and 13 deletions.
diff --git a/...detection/syscalls/exec/p_security_bprm_committed_creds/p_security_bprm_committed_creds.c b/...detection/syscalls/exec/p_security_bprm_committed_creds/p_security_bprm_committed_creds.c
@@ -91,21 +91,13 @@ notrace int p_security_bprm_committed_creds_ret(struct kretprobe_instance *ri, s
    // Update process
    p_tasks_write_lock(&p_flags);
    if ( (p_tmp = p_find_ed_by_pid(task_pid_nr(current))) != NULL) {
-      if (!p_regs_get_ret(p_regs) ||
-          (!task_pid_nr(p_tmp->p_ed_task.p_task) && !p_tmp->p_ed_task.p_task->comm[0])) {
-         // This process is on the ED list - update information!
-         p_print_log(P_LKRG_INFO, "Updating ED pid[%d]\n",task_pid_nr(current));
-         p_update_ed_process(p_tmp, current, 1);
+      // This process is on the ED list - update information!
+      p_print_log(P_LKRG_INFO, "Updating ED pid[%d]\n",task_pid_nr(current));
+      p_update_ed_process(p_tmp, current, 1);
 #ifdef P_LKRG_TASK_OFF_DEBUG
-         p_debug_off_flag_reset(p_tmp, 40);
+      p_debug_off_flag_reset(p_tmp, 40);
 #endif
-         p_reset_ed_flags(p_tmp);
-      } else {
-#ifdef P_LKRG_TASK_OFF_DEBUG
-         p_debug_off_flag_on(p_tmp, 40);
-#endif
-         p_set_ed_process_on(p_tmp);
-      }
+      p_reset_ed_flags(p_tmp);
    }
    p_tasks_write_unlock(&p_flags);