lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120920090545.465ca00d@redhat.com>
Date:	Thu, 20 Sep 2012 09:05:45 -0400
From:	Eric Paris <eparis@...hat.com>
To:	Arnaldo Carvalho de Melo <acme@...stprotocols.net>
Cc:	Al Viro <viro@...iv.linux.org.uk>, David Ahern <dsahern@...il.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Ingo Molnar <mingo@...nel.org>, Jiri Olsa <jolsa@...hat.com>,
	Mike Galbraith <efault@....de>,
	Namhyung Kim <namhyung@...il.com>,
	Paul Mackerras <paulus@...ba.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Stephane Eranian <eranian@...gle.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	jlayton@...hat.com
Subject: Re: [PATCH 1/1] audit: Use a tracepoint for getname

cc'ing Jeff Layton who has recently done a lot of getname work and I
want to make sure he sees this.


On Wed, 19 Sep 2012 15:56:59 -0700
Arnaldo Carvalho de Melo <acme@...stprotocols.net> wrote:

> Al, Eric,
> 
> 	Was this considered before? Acceptable?
> 
> - Arnaldo
> 
> ---
> 
> Instead of an explicit hook only for audit, use a tracepoint, so that
> other users that need to know about filenames can hook there just like
> audit.

> @@ -978,6 +986,9 @@ static int __init audit_init(void)
>  	else
>  		audit_sock->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
>  
> +	if (register_trace_getname(audit_getname, NULL))
> +		audit_panic("cannot register getname tracepoint");
> +
>  	skb_queue_head_init(&audit_skb_queue);
>  	skb_queue_head_init(&audit_skb_hold_queue);
>  	audit_initialized = AUDIT_INITIALIZED;

I think we need to just use panic instead of audit_panic.  This early
at boot userspace would not have been able to tell the kernel that
audit_panic == panic nor would the box die later if userspace ask for
that functionality.  Instead the box would run but audit would be
broken, which customers who want audit_panic == panic would be most
upset about.

Otherwise, its good to me.

-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ