what is the correct use of linux kernel personality?
Mounir Bsaibes
bsaibes at us.ibm.com
Tue Mar 1 23:48:22 UTC 2005
Can someone please explain the correct use of Linux kernel personality or
point me to some
documentation that explains it well. We are trying to see how to make use
of it with audit filters.
The man page for the system call "personality" states that if you give it
a 0Xffffffff
the system call returns the current personality.
So I wrote a little program to check this out. The program always
returned 0xff or 255.
on AMD iSeries and i386 platforms for 32 and 64 bit executables.
It turned out that the /usr/include/linux/personality.h has the following
line:
#define personality(pers) (pers & PER_MASK)
no wonder. PER_MASK is 0xff and the name of the syscall is also
personality.
Which means in my application, the system call was never called.
OK, so I commented this line out. Now I get 0 for the personality on the
all platforms mentioned above
with 32 & 64 bit executables.
Mounir Bsaibes
Linux Security
Tel: (512) 838-1301
Cell: (512) 762-9957
Fax: (512) 838-8858
e-mail: bsaibes at us.ibm.com
More information about the Linux-audit
mailing list