From: Greg KH <greg@kroah.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Philipp Kern <pkern@google.com>,
"H. Peter Anvin" <hpa@linux.intel.com>,
linux-kernel@vger.kernel.org, "H. J. Lu" <hjl.tools@gmail.com>,
Eric Paris <eparis@redhat.com>,
security@kernel.org
Subject: Re: [PATCH 2/2] audit: Move CONFIG_AUDITSYSCALL into staging and update help text
Date: Wed, 28 May 2014 16:13:03 -0700 [thread overview]
Message-ID: <20140528231303.GA2737@kroah.com> (raw)
In-Reply-To: <f6365442194983c2eb0da6ea8c66d1c16441bb2a.1401315521.git.luto@amacapital.net>
On Wed, May 28, 2014 at 03:21:20PM -0700, Andy Lutomirski wrote:
> Here are some issues with the code:
> - It thinks that syscalls have four arguments.
> - It's a performance disaster.
> - It assumes that syscall numbers are between 0 and 2048.
> - It's unclear whether it's supposed to be reliable.
> - It's broken on things like x32.
> - It can't support ARM OABI.
> - Its approach to memory allocation is terrifying.
>
> I considered marking it BROKEN, but that might be too harsh.
>
> Signed-off-by: Andy Lutomirski <luto@amacapital.net>
> ---
> init/Kconfig | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/init/Kconfig b/init/Kconfig
> index 9d3585b..4584f8a 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -296,13 +296,16 @@ config HAVE_ARCH_AUDITSYSCALL
> bool
>
> config AUDITSYSCALL
> - bool "Enable system-call auditing support"
> - depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
> + bool "Enable system-call auditing support (not recommended)"
> + depends on AUDIT && HAVE_ARCH_AUDITSYSCALL && STAGING
As it doesn't actually move any code into drivers/staging/, and I have
no TODO list that needs to be resolved in order to get it out of staging
(other than your list above), I'd prefer it not to take on the STAGING
mark.
But BROKEN is fine with me, that should wake people up to fix it or just
drop it :)
thanks,
greg k-h
prev parent reply other threads:[~2014-05-28 23:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-28 22:21 [PATCH 0/2] Fix auditsc DoS and move it to staging Andy Lutomirski
2014-05-28 22:21 ` [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking Andy Lutomirski
2014-05-28 22:21 ` [PATCH 2/2] audit: Move CONFIG_AUDITSYSCALL into staging and update help text Andy Lutomirski
2014-05-28 23:13 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140528231303.GA2737@kroah.com \
--to=greg@kroah.com \
--cc=eparis@redhat.com \
--cc=hjl.tools@gmail.com \
--cc=hpa@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=pkern@google.com \
--cc=security@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox