| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Sep 2012 10:50:27 -0700 From: Kees Cook <keescook@...omium.org> To: Dave Jones <davej@...hat.com>, Kees Cook <keescook@...omium.org>, Linux Kernel <linux-kernel@...r.kernel.org>, Al Viro <viro@...iv.linux.org.uk> Subject: Re: 3.6-rc4 audit_log_d_path oops. On Thu, Sep 6, 2012 at 9:45 AM, Dave Jones <davej@...hat.com> wrote: > On Thu, Sep 06, 2012 at 09:32:49AM -0700, Kees Cook wrote: > > > I just realised, the funny thing about this is that the machine running that test > > > had selinux/audit disabled. And yet here we are, screwing around with audit buffers. > > > > The intent was to have this message show up in dmesg even if auditd > > wasn't running, and even if the specific process wasn't being > > explicitly audited. > > > > > Should there be a test on audit_enable=0 in audit_log_link_denied() ? > > > > > > I'm now curious how much more of the audit code is getting run through similar lack of tests > > > > What is the condition in which audit_log_start fails? > > in the case of that oops, given I had booted with audit=0, I suspect it was hitting the first check... > > 1157 if (audit_initialized != AUDIT_INITIALIZED) > 1158 return NULL; Ah-ha, okay. Yeah, I'm fine with the fix you had. If _start fails, just return. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists