From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <paul@paul-moore.com>
Subject: Re: [PATCH V9 3/3] audit: add audit by children of executable path
Date: Fri, 07 Aug 2015 10:30:02 -0400
Message-ID: <6430018.ENq3ajkyRS@sifl>
References: <cover.1438801342.git.rgb@redhat.com> <14f057b6cb8.2852.85c95baa4474aabc7814e68940a78392@paul-moore.com> <20150807063715.GB23800@madcap2.tricolour.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20150807063715.GB23800@madcap2.tricolour.ca>
Sender: linux-kernel-owner@vger.kernel.org
To: Richard Guy Briggs <rgb@redhat.com>
Cc: Steve Grubb <sgrubb@redhat.com>, linux-audit@redhat.com, linux-kernel@vger.kernel.org
List-Id: linux-audit@redhat.com

On Friday, August 07, 2015 02:37:15 AM Richard Guy Briggs wrote:
> On 15/08/06, Paul Moore wrote:
>
> > I guess what I'm saying is that I'm not currently convinced that
> > there is enough value in this to offset the risk I feel the loop
> > presents. I understand the use cases that you are mentioning, the
> > are the same as the last time we discussed this, but I'm going to
> > need something better than that.
> 
> Can you better describe the loop that concerns you?  I don't quite see
> it.

It would be the only loop in the patch, look at the for loop in 
audit_filter_rules() which iterates up the process' parent chain.

-- 
paul moore
www.paul-moore.com