bug?: audit filtering on negative values
Michael C Thompson
mcthomps at us.ibm.com
Wed Jan 18 20:28:37 UTC 2006
linux-audit-bounces at redhat.com wrote on 01/18/2006 02:21:56 PM:
> On Wednesday 18 January 2006 15:18, Timothy R. Chavez wrote:
> > What kernel are you testing on? I just checked the latest kernel
> > (lspp.6) and this does look like a problem:
> >
> > struct audit_field {
> > u32 type;
> > u32 val;
> > u32 op;
> > };
> >
> >
> > We only allow unsigned val(ues). Eek
>
> Right and that's because this is what the context stores:
>
> 129 struct audit_context {
> 136 unsigned long argv[4]; /* syscall arguments */
So... are we supposed to be able to filter on negative values?
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20060118/3d14daf3/attachment.htm>
More information about the Linux-audit
mailing list