From mboxrd@z Thu Jan 1 00:00:00 1970 From: ramsdell@mitre.org (John D. Ramsdell) Subject: Re: [PATCH] Reporting file descriptors and exec args Date: 14 Sep 2006 05:38:45 -0400 Message-ID: References: <4507306D.2000306@hp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31]) by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k8E9clWE009334 for ; Thu, 14 Sep 2006 05:38:47 -0400 Received: from smtp-mclean.mitre.org (smtpproxy2.mitre.org [192.80.55.71]) by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k8E9ckOx009076 for ; Thu, 14 Sep 2006 05:38:46 -0400 Received: from smtp-mclean.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-mclean.mitre.org (8.12.11.20060308/8.12.11) with SMTP id k8E9cj5j022864 for ; Thu, 14 Sep 2006 05:38:45 -0400 Received: from smtp-mclean.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-mclean.mitre.org (Postfix) with ESMTP id A62B11BD82 for ; Thu, 14 Sep 2006 05:38:45 -0400 (EDT) In-Reply-To: <4507306D.2000306@hp.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Linux Audit Cc: bsniffen@mitre.org List-Id: linux-audit@redhat.com I withdraw the previously submitted kernel patch. In addition to the errors already pointed out on this list, the patch was produced several months ago, and the kernel has changed since then. In addition, the audit records for execve and open in the latest kernel already includes the information of interest. From the perspective of polgen, all that is currently missing is the file descriptors created by the pipe and socketpair system calls, and we'll be back with just that patch once it's properly prepared. I have been relying on others to create kernel patches, and neglected to familiarize myself with the accepted practice for submitting patches. I will ensure that future patches follow the rules. John