From: Casey Schaufler <casey@schaufler-ca.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Thomas Graf <tgraf@redhat.com>, Patrick McHardy <kaber@trash.net>,
linux-audit@redhat.com, netfilter-devel@vger.kernel.org,
Al Viro <viro@zeniv.linux.org.uk>,
Eric Paris <eparis@parisplace.org>
Subject: Re: [PATCH 2nd revision] Add SELinux context support to AUDIT target
Date: Mon, 06 Jun 2011 18:23:53 -0700
Message-ID: <4DED7DA9.2000008@schaufler-ca.com>
In-Reply-To: <201106062059.03876.sgrubb@redhat.com>
On 6/6/2011 5:59 PM, Steve Grubb wrote:
> On Monday, June 06, 2011 07:22:43 PM Pablo Neira Ayuso wrote:
>> On 06/06/11 15:10, Mr Dash Four wrote:
>>>> Exactly my point. There is no leak if it's text or numeric.
>>> No, there is no leak if it is a text, but there *is* a leak if it is a
>>> numeric. I think I've made that quite clear.
>> We don't use numeric secmark anymore in nf_conntrack. Not very familiar
>> with SELinux, but I remember that the convention was not to provide
>> internal numeric values.
> All of the audit system records the numbers if conversion fails.
Consistency is important.
> We want it as
> forensic evidence or troubleshooting information as the case may be.
It's completely pointless to have in the audit record. The code
ought to treat an untranslatable secmark with the same severity
as an invalid pointer. You could argue that it is oopsable. Certainly
worthy of a BUG invocation. Printing the numeric is sloppy error
handling.
> -Steve