[RFC][PATCH] (#6) filesystem auditing
Timothy R. Chavez
tinytim at us.ibm.com
Tue Mar 15 18:33:46 UTC 2005
On Tuesday 15 March 2005 12:29 pm, Timothy R. Chavez wrote:
> On Tuesday 15 March 2005 12:11 pm, Stephen Smalley wrote:
> > On Tue, 2005-03-15 at 11:51 -0600, Timothy R. Chavez wrote:
<snip>
> I have a feeling that someone how the memset(&watch, 0,
> sizeof(watch)) that was once in reset_vars() (in auditctl.c) has escaped
> some how and your passing in a perm equal to some rediculous value (bigger
> then 15) because it was not intialized to 0. Perhaps?
>
> -tim
>
Oops, I was looking at an unpatched auditctl.c (doh!) so I don't think this is
the problem necessarily, but if you could please verify that you do make it
past audit_netlink_ok(), into audit_watch_insert(), and then print out the
values, that'd help. I'm trying to think of where you'd get invalids. And
you're right, its likely that at least the payload is malformed in some way.
-tim
More information about the Linux-audit
mailing list