From: Eric Paris <eparis@redhat.com>
To: Amy Griffis <amy.griffis@hp.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH 2/2] audit signal recipients (v2)
Date: Tue, 27 Feb 2007 15:41:42 -0500 [thread overview]
Message-ID: <1172608902.22087.21.camel@localhost.localdomain> (raw)
In-Reply-To: <20070223225151.GB993@fc.hp.com>
On Fri, 2007-02-23 at 17:51 -0500, Amy Griffis wrote:
> diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
> index 3749193..b90d121 100644
> --- a/kernel/auditfilter.c
> +++ b/kernel/auditfilter.c
> @@ -1171,7 +1171,7 @@ static inline int audit_add_rule(struct audit_entry *entry,
> struct nameidata *ndp, *ndw;
> int h, err, putnd_needed = 0;
> #ifdef CONFIG_AUDITSYSCALL
> - int dont_count = 0;
> + int i, dont_count = 0;
>
> /* If either of these, don't count towards total */
> if (entry->rule.listnr == AUDIT_FILTER_USER ||
> @@ -1221,6 +1221,11 @@ static inline int audit_add_rule(struct audit_entry *entry,
> #ifdef CONFIG_AUDITSYSCALL
> if (!dont_count)
> audit_n_rules++;
> +
> + for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
> + if ((entry->rule.mask[i] & classes[AUDIT_CLASS_SIGNAL][i]) ||
> + (entry->rule.mask[i] & classes[AUDIT_CLASS_SIGNAL_32][i]))
> + audit_signals++;
> #endif
> mutex_unlock(&audit_filter_mutex);
>
> @@ -1247,7 +1252,7 @@ static inline int audit_del_rule(struct audit_entry *entry,
> LIST_HEAD(inotify_list);
> int h, ret = 0;
> #ifdef CONFIG_AUDITSYSCALL
> - int dont_count = 0;
> + int i, dont_count = 0;
>
> /* If either of these, don't count towards total */
> if (entry->rule.listnr == AUDIT_FILTER_USER ||
> @@ -1294,6 +1299,11 @@ static inline int audit_del_rule(struct audit_entry *entry,
> #ifdef CONFIG_AUDITSYSCALL
> if (!dont_count)
> audit_n_rules--;
> +
> + for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
> + if ((entry->rule.mask[i] & classes[AUDIT_CLASS_SIGNAL][i]) ||
> + (entry->rule.mask[i] & classes[AUDIT_CLASS_SIGNAL_32][i]))
> + audit_signals--;
> #endif
> mutex_unlock(&audit_filter_mutex);
Since AUDIT_CLASS_SIGNAL_32 is not defined on i686 (see patch 1/2 the
patch to lib/audit.c which i686 uses) the second part of this or
statement is referencing way beyond the end of the classes array. I'm
investigating the right way to decide what we should be comparing
against across all arches, but maybe you will find it first.
-Eric
prev parent reply other threads:[~2007-02-27 20:41 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-23 22:50 [PATCH 1/2] add SIGNAL syscall class (v2) Amy Griffis
2007-02-23 22:51 ` [PATCH 2/2] audit signal recipients (v2) Amy Griffis
2007-02-27 20:41 ` Eric Paris [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1172608902.22087.21.camel@localhost.localdomain \
--to=eparis@redhat.com \
--cc=amy.griffis@hp.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox