| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130914180852.GA24970@redhat.com> Date: Sat, 14 Sep 2013 20:08:52 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Steve Grubb <sgrubb@...hat.com> Cc: linux-audit@...hat.com, Richard Guy Briggs <rgb@...hat.com>, linux-kernel@...r.kernel.org Subject: Re: audit looks unmaintained? [was: Re: [PATCH 11/12] pid: rewrite task helper functions avoiding task->pid and task->tgid] On 09/13, Steve Grubb wrote: > > On Sunday, September 08, 2013 05:54:35 PM Oleg Nesterov wrote: > > > > Then why audit_alloc() doesn't set TIF_SYSCALL_AUDIT unconditionally? > > The code I'm looking at does right at the end of the function. The code I'm looking at does right at the end too ;) but it also returns at the start if audit_filter_task() returns AUDIT_DISABLED. > > And I do not understand "when context == NULL" above. Say, > > audit_syscall_entry() does nothing if !audit_context, and nobody except > > copy_process() does audit_alloc(). So why do we need to trigger the audit's > > paths if it is NULL? > > Because if you enter the audit framework, framework? TIF_SYSCALL_AUDIT has only meaning in entry.S, we need it to ensure that the audited task can't miss audit_syscall_*(). > that means auditing has been turned > on at some point in the past, and could be turned back on at some point in the > future. And this will change nothing, afaics (wrt TIF_SYSCALL_AUDIT). Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists