Message-Id: <cover.1401486790.git.luto@amacapital.net>
Date: Fri, 30 May 2014 14:58:46 -0700
From: Andy Lutomirski <luto@...capital.net>
To: x86@...nel.org, linux-kernel@...r.kernel.org,
linux-audit@...hat.com, Steve Grubb <sgrubb@...hat.com>,
Eric Paris <eparis@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>
Cc: Andy Lutomirski <luto@...capital.net>
Subject: [PATCH 0/2] Syscall auditing lite

I've made no secret of the fact that I dislike syscall auditing. As far
as I can tell, the main technical (i.e. not compliance-related) use of
syscall auditing is to supply some useful context information to go
along with events like AVC denials.

CONFIG_AUDITSYSCALL is serious overkill to do this. kernel/auditsc.c is
~2500 lines of terror.

This patchset accomplishes the same goal, more usefully, with no
overhead at all, in under 70 lines of code. It tries to coexist cleanly
with CONFIG_AUDITSYSCALL.

This is only implemented for x86. Other architectures can add support
fairly easily, I think.

Andy Lutomirski (2):
  x86,syscall: Add syscall_in_syscall to test whether we're in a syscall
  audit: Syscall auditing lite

 arch/x86/Kconfig               |  1 +
 arch/x86/include/asm/syscall.h | 21 ++++++++++++++++++++
 init/Kconfig                   |  3 +++
 kernel/audit.c                 | 44 +++++++++++++++++++++++++++++++++++++++++-
 4 files changed, 68 insertions(+), 1 deletion(-)
--
1.9.3