| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Feb 2020 16:00:37 -0500
From: Richard Guy Briggs <rgb@...hat.com>
To: Linux-Audit Mailing List <linux-audit@...hat.com>,
LKML <linux-kernel@...r.kernel.org>
Cc: Paul Moore <paul@...l-moore.com>, sgrubb@...hat.com,
omosnace@...hat.com, eparis@...isplace.org,
Richard Guy Briggs <rgb@...hat.com>
Subject: [PATCH ghak120] audit: trigger accompanying records when no rules present
When there are no audit rules registered, mandatory records (config,
etc.) are missing their accompanying records (syscall, proctitle, etc.).
This is due to audit context dummy set on syscall entry based on absence
of rules that signals that no other records are to be printed.
Clear the dummy bit in auditsc_set_stamp() when the first record of an
event is generated.
Please see upstream github issue
https://github.com/linux-audit/audit-kernel/issues/120
Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
---
kernel/auditsc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4effe01ebbe2..31195d122344 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2176,6 +2176,8 @@ int auditsc_get_stamp(struct audit_context *ctx,
t->tv_sec = ctx->ctime.tv_sec;
t->tv_nsec = ctx->ctime.tv_nsec;
*serial = ctx->serial;
+ if (ctx->dummy)
+ ctx->dummy = 0;
if (!ctx->prio) {
ctx->prio = 1;
ctx->current_state = AUDIT_RECORD_CONTEXT;
--
1.8.3.1
Powered by blists - more mailing lists