All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] libaudit.c - add entry list check for the path filter
@ 2006-05-18 14:23 Michael C Thompson
  2006-05-18 15:42 ` Steve Grubb
  0 siblings, 1 reply; 2+ messages in thread
From: Michael C Thompson @ 2006-05-18 14:23 UTC (permalink / raw)
  To: Linux Audit

The auditctl filter "path" is only valid on the exit filter list, and 
the current version of auditctl does not perform this sanity check. 
Other values filter options which are required to be on the exit list 
have this sanity-check mechanism.

Below is a patch which adds this sanity check for the "path" filter keyword.

Thanks,
Mike

---

Signed-off-by: Michael Thompson <thompsmc@us.ibm.com>


--- audit-1.2.2-orig/lib/libaudit.c     2006-04-16 08:57:11.000000000 -0500
+++ audit-1.2.2/lib/libaudit.c  2006-05-17 14:56:55.000000000 -0500
@@ -952,6 +952,10 @@
                 case AUDIT_SE_SEN:
                 case AUDIT_SE_CLR:
                 case AUDIT_WATCH:
+                       /* Watch is invalid on entry */
+                       if ((flags == AUDIT_FILTER_ENTRY) &&
+                               (field == AUDIT_WATCH))
+                               return -7;
                         rule->values[rule->field_count] = strlen(v);
                         offset = rule->buflen;
                         rule->buflen += strlen(v);

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-05-18 15:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-05-18 14:23 [PATCH] libaudit.c - add entry list check for the path filter Michael C Thompson
2006-05-18 15:42 ` Steve Grubb

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.