[PATCH] arch filter lists with < or > should not be accepted
Alexander Viro
aviro at redhat.com
Fri Sep 29 12:46:22 UTC 2006
On Thu, Sep 28, 2006 at 05:46:21PM -0400, Eric Paris wrote:
> Currently the kernel audit system represents archs as numbers and will
> gladly accept comparisons between archs using >, <, >=, <= when the only
> thing that makes sense is = or !=. I'm told that the next revision of
> auditctl will do this checking but this will provide enforcement in the
> kernel even for old userspace. A simple command to show the issue would
> be to run
>
> auditctl -d entry,always -F arch>i686 -S chmod
>
> With this patch the kernel will reject this with -EINVAL.
>
> Please comment/ack/nak as soon as possible.
ACK
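
The check discussed in this thread, as an added example that is not the patch itself and not code from either poster: a userspace C sketch showing why ordered comparisons on arch values are meaningless and how a rule validator can refuse them. The constants are copied from `<linux/audit.h>` and `<elf.h>`; the helper names `check_field_op` and `compare` are hypothetical, and treating `i686` as `AUDIT_ARCH_I386` is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constants copied from <linux/audit.h> and <elf.h> so this builds anywhere. */
#define AUDIT_ARCH          11
#define AUDIT_LESS_THAN     0x10000000u
#define AUDIT_GREATER_THAN  0x20000000u
#define AUDIT_EQUAL         0x40000000u
#define AUDIT_NOT_EQUAL     (AUDIT_LESS_THAN | AUDIT_GREATER_THAN)
#define ARCH_64BIT          0x80000000u            /* __AUDIT_ARCH_64BIT */
#define ARCH_LE             0x40000000u            /* __AUDIT_ARCH_LE */
#define ARCH_I386    (3u  | ARCH_LE)               /* EM_386 */
#define ARCH_PPC     (20u)                         /* EM_PPC, big endian */
#define ARCH_PPC64   (21u | ARCH_64BIT)            /* EM_PPC64 */
#define ARCH_X86_64  (62u | ARCH_64BIT | ARCH_LE)  /* EM_X86_64 */

/* Hypothetical validator: an arch field may only be tested with = or !=. */
int check_field_op(uint32_t field, uint32_t op)
{
    if (field == AUDIT_ARCH && op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
        return -EINVAL;
    return 0;
}

/* Plain unsigned comparison: what an ordered arch filter would evaluate. */
int compare(uint32_t left, uint32_t op, uint32_t right)
{
    switch (op) {
    case AUDIT_EQUAL:        return left == right;
    case AUDIT_NOT_EQUAL:    return left != right;
    case AUDIT_LESS_THAN:    return left < right;
    case AUDIT_GREATER_THAN: return left > right;
    default:                 return 0;
    }
}

int main(void)
{
    const struct { const char *name; uint32_t v; } a[] = {
        { "ppc", ARCH_PPC }, { "ppc64", ARCH_PPC64 }, { "x86_64", ARCH_X86_64 },
    };
    /* The result depends only on the flag bits, not on any real ordering. */
    for (size_t i = 0; i < sizeof a / sizeof a[0]; i++)
        printf("%-6s 0x%08x  arch>i386 matches: %d\n", a[i].name,
               (unsigned)a[i].v, compare(a[i].v, AUDIT_GREATER_THAN, ARCH_I386));
    printf("validator on arch with '>': %d (-EINVAL is %d)\n",
           check_field_op(AUDIT_ARCH, AUDIT_GREATER_THAN), -EINVAL);
    return 0;
}
```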