[PATCH] LOGIN message credentials
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Apr 25 16:22:53 UTC 2005
On Mon, 25 Apr 2005 12:14:24 EDT, Steve Grubb said:
> type=LOGIN msg=audit(1114444861.363:0): login pid=0 uid=0 old
> loginuid=4294967295 new loginuid=0
>
> The pid cannot be 0. The problem is that the kernel code assumes the
> information is in the audit context. What if audit_get_context has never been
> called for that process?
OK.. I'll bite - why wasn't audit_get_context called? Unless we've looked at
it and decided that it's a reasonable thing to happen, your patch is just
papering over a bug that will come back to bite us later...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050425/1108c214/attachment.sig>
More information about the Linux-audit
mailing list