[PATCH 9/15] sanitize audit_fd_pair()
Eric Paris
eparis at redhat.com
Wed Dec 17 17:18:32 UTC 2008
On Wed, 2008-12-17 at 05:12 +0000, Al Viro wrote:
> * no allocations
> * return void
>
> Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index ac89cd3..5de0087 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -215,6 +210,7 @@ struct audit_context {
> struct mq_attr attr;
> } mq_open;
> };
> + int fds[2];
>
> #if AUDIT_DEBUG
> int put_count;
Waste of space, at least on a 32 bit machine where the size of the ipc
aux data is definitely larger than the sockcall aux data. But I guess
what you did is a whole lot easier and clearer than to try to hack up
adding it to both sockcall and new pipe_fds and using the right one at
the right time. I guess if we cared about 64 bits per audited thread we
wouldn't be moving the aux data into the audit_context anyway.
Acked-by: Eric Paris <eparis at redhat.com>
More information about the Linux-audit
mailing list