Audit not recording the correct syscall return value in Fedora 10?

Klaus Heinrich Kiwi klausk at linux.vnet.ibm.com
Wed Apr 8 02:44:09 UTC 2009


On Tue, 2009-04-07 at 11:34 -0400, Paul Moore wrote:
> Does anyone have any thoughts?

I remember debugging an issue with the incorrect return value being
audited for a syscall. It was s390[x] specific and only occurred with
successful execve() syscalls. This behavior was pointed out with the
open-source common-criteria testsuite that checked each
security-relevant syscall for parameters, return values, args, etc.

I didn't give much importance to those since the execve() return value is
really not that important if the call succeeds ;-)

But now I'm curious as to what other problems related to syscall return
values you've found, and how those weren't caught by the same set of
tests (hmm, maybe they are x86-specific?)

Can you give us some examples?

Thanks,

 -Klaus
-- 
Klaus Heinrich Kiwi <klausk at linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center



