[RFC][PATCH 1/2] (#6 U2) filesystem auditing

Steve Grubb sgrubb at redhat.com
Tue Mar 29 16:31:21 UTC 2005


On Tuesday 29 March 2005 10:38, Timothy R. Chavez wrote:
> I can change this.  Easy enough.  This will reduce the reply code for
> insert/delete for 0.6.9 too and eliminate a macro.

Thanks. I think it simplifies the code.

And then there's this:

+ Shifted sanity checking / copying of watch data from userspace back into
  audit_watch_insert() and audit_watch_remove()

You have the same code in insert and remove. Why not just do something like 
this:

if type is list {
    handle it
}
else if type is insert or remove {
    sanity checking
    if insert handle insert
    else handle remove
}
else
    EINVAL

But when you think about it, couldn't list have an invalid path as well? Does 
list need the same sanity checking? If not, audit_receive_msg could just call 
audit_list_watches directly. Also, audit_receive_watch does not need a 
default because audit_receive_msg only calls it if the type is something it 
handles. So, the EINVAL above is not needed. audit_receive_watch becomes:

sanity checking
if insert handle insert
else handle remove

In audit_receive_msg, when handling AUDIT_WATCH_LST, don't you need to check 
the length of nlh->nlmsg_len before passing the request?

-Steve
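
The structure suggested in the message above, as an added user-space sketch that is not part of the original e-mail or of the patch under review: the receiver checks the claimed message length before touching the payload, and insert and remove share one sanity-checking path. Every name here (`msg_hdr`, `watch_req`, the `WATCH_*` constants, the handlers) is a hypothetical stand-in for the kernel's netlink and audit definitions, and the particular path checks are assumed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical stand-ins for the netlink header and the watch request. */
enum { WATCH_INS = 1, WATCH_REM, WATCH_LST, WATCH_PATH_MAX = 64 };
struct msg_hdr { uint32_t len; uint16_t type; };  /* len = header + payload */
struct watch_req { uint32_t pathlen; char path[WATCH_PATH_MAX]; };
static int handle_insert(const struct watch_req *r) { (void)r; return 1; }
static int handle_remove(const struct watch_req *r) { (void)r; return 2; }
static int handle_list(void) { return 3; }

/* Sanity checking written once; only insert or remove ever reaches here. */
static int receive_watch(uint16_t type, const struct watch_req *r)
{
    if (r->pathlen == 0 || r->pathlen >= WATCH_PATH_MAX || r->path[0] != '/' ||
        r->path[r->pathlen] != '\0' || strlen(r->path) != r->pathlen)
        return -EINVAL;
    return type == WATCH_INS ? handle_insert(r) : handle_remove(r);
}

/* Check the claimed length before any payload is read or passed on. */
static int receive_msg(const unsigned char *buf, size_t buflen)
{
    struct msg_hdr h;
    struct watch_req r;
    if (buflen < sizeof(h))
        return -EINVAL;
    memcpy(&h, buf, sizeof(h));
    if (h.len < sizeof(h) || h.len > buflen)
        return -EINVAL;
    if (h.type == WATCH_LST)
        return handle_list();
    if (h.type != WATCH_INS && h.type != WATCH_REM)
        return -EINVAL;
    if (h.len - sizeof(h) < sizeof(r))  /* payload shorter than a request */
        return -EINVAL;
    memcpy(&r, buf + sizeof(h), sizeof(r));
    return receive_watch(h.type, &r);
}

/* Constructed message for the demo; claimed_len is what the sender asserts. */
int send_test_msg(uint16_t type, uint32_t claimed_len, const char *path)
{
    struct { struct msg_hdr h; struct watch_req r; } m = {{claimed_len, type}, {0}};
    m.r.pathlen = (uint32_t)strlen(path);
    strncpy(m.r.path, path, WATCH_PATH_MAX - 1);
    return receive_msg((const unsigned char *)&m, sizeof(m));
}
```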



