| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <fc8dc7d245b6962d330eeedea544d7e4fd56e78c.1518230355.git.rgb@redhat.com>
Date: Fri, 9 Feb 2018 21:40:31 -0500
From: Richard Guy Briggs <rgb@...hat.com>
To: Linux-Audit Mailing List <linux-audit@...hat.com>,
LKML <linux-kernel@...r.kernel.org>
Cc: Paul Moore <paul@...l-moore.com>, Eric Paris <eparis@...hat.com>,
Steve Grubb <sgrubb@...hat.com>,
Richard Guy Briggs <rgb@...hat.com>
Subject: [PATCH V2 2/3] audit: bail ASAP on syscall entry
Since removing the audit entry filter, test for early return before
setting up any context state.
Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
---
kernel/auditsc.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 9348302..bc534bf 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1519,23 +1519,23 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2,
if (!audit_enabled)
return;
- context->arch = syscall_get_arch();
- context->major = major;
- context->argv[0] = a1;
- context->argv[1] = a2;
- context->argv[2] = a3;
- context->argv[3] = a4;
-
state = context->state;
+ if (state == AUDIT_DISABLED)
+ return;
+
context->dummy = !audit_n_rules;
if (!context->dummy && state == AUDIT_BUILD_CONTEXT) {
context->prio = 0;
if (auditd_test_task(tsk))
return;
}
- if (state == AUDIT_DISABLED)
- return;
+ context->arch = syscall_get_arch();
+ context->major = major;
+ context->argv[0] = a1;
+ context->argv[1] = a2;
+ context->argv[2] = a3;
+ context->argv[3] = a4;
context->serial = 0;
context->ctime = current_kernel_time64();
context->in_syscall = 1;
--
1.8.3.1
Powered by blists - more mailing lists