audit 0.7.4 released
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon May 9 15:17:46 UTC 2005
On Mon, 09 May 2005 10:10:01 CDT, "Timothy R. Chavez" said:
> I've removed the path_lookup from the audit_to_transport code block.
> Perhaps, we can attempt to find the path via user space once the watch
> is returned (with path), rather then doing it in the kernel. Then user
> space can set the w_valid field.
This sounds incredibly racy to me, especially in the cases we care about
(like the re-writing of /etc/passwd by creating a tempfile and renaming it).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050509/c5ca97cc/attachment.sig>
More information about the Linux-audit
mailing list