Another slab size-32 leak 2.6.16-rc4-mm2
Amy Griffis
amy.griffis at hp.com
Wed Mar 1 18:52:39 UTC 2006
On Tue, Feb 28, 2006 at 05:37:40PM -0600, Dustin Kirkland wrote:
> As I understand it, the code as it stands in Viro's git tree performs
> all of (a), (b), (c), and (d) sufficiently for collecting the context
> of IPC objects, as well as the subject contexts of the initiating
> syscalls for LSPP certification.
Please take a closer look at the code. The function that is
collecting the ipc object label -- audit_ipc_context() -- is called in
two places: audit_ipc_perms() and ipcperms().

audit_ipc_perms() is invoked during the following operations:

    msgctl - IPC_SET
    semctl - IPC_SET
    shmctl - IPC_SET

ipcperms() is invoked during the following operations:

    msgctl - IPC_STAT
    msgsnd
    msgrcv
    semget
    semctl - SEM_STAT
    semctl - SETALL
    semtimedop
    shmget
    shmctl - IPC_STAT
    shmat

If you remove the audit_ipc_context() call from ipcperms() you will
not be collecting object labels for the second set of operations.
This does not meet LSPP requirements.

Your patch claims to collect object labels for ipc operations. But
since it only attaches the label to the audit context for the IPC_SET
calls, it does not do what it claims. At a minimum, your patch needs
to be fixed to attach the object label to the audit context for the
second set of operations.

Regards,
Amy