lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 14 Nov 2014 22:32:51 -0500
From:	Richard Guy Briggs <rgb@...hat.com>
To:	Steve Grubb <sgrubb@...hat.com>
Cc:	Paul Moore <pmoore@...hat.com>, linux-audit@...hat.com,
	linux-kernel@...r.kernel.org, eparis@...isplace.org
Subject: Re: [PATCH] audit: convert status version to a feature bitmap

On 14/11/13, Steve Grubb wrote:
> On Thursday, November 13, 2014 08:08:52 PM Richard Guy Briggs wrote:
> > > So what terrible things happen to userspace if
> > > AUDIT_VERSION_BACKLOG_WAIT_TIME  becomes 0x03 instead of 0x02?
> > 
> > But it won't.  It gets the value of
> > AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME, which is 0x00000002.
> > 
> > I think you meant to ask about AUDIT_VERSION_LATEST, which would become 3.
> > 
> > You *did* already ask that question in a previous thread, and there
> > didn't seem to be a concern.  Steve Grubb could likely answer this
> > question better than me.
> 
> The audit 2.4.1 package has been pushed to everything from F20 -> rawhide. If 
> you don't see any problems, then its safe. But check carefully around the 
> things that you did change. Right now, we only are caring about only one 
> kernel feature, --loginuid-immutable. Check that it still works, auditctl -s.

Here's my output, which I assume looks sane:

[root@f20 ~]# rpm -q audit
audit-2.4.1-1.fc20.x86_64
[root@f20 ~]# auditctl -s
enabled 1
flag 1
pid 307
rate_limit 0
backlog_limit 320
lost 0
backlog 0
backlog_wait_time 60000
loginuid_immutable 0 unlocked

> -Steve

- RGB

--
Richard Guy Briggs <rbriggs@...hat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists