[PATCH 5/5] audit: comparison on interprocess fields
Peter Moody
pmoody at google.com
Wed Jan 4 21:12:58 UTC 2012
On Wed, Jan 4, 2012 at 12:55 PM, Eric Paris <eparis at redhat.com> wrote:
> On Wed, 2012-01-04 at 15:47 -0500, Eric Paris wrote:
> > This allows audit to specify rules in which we compare two fields of a
> > process. Such as is the running process uid != to the running process
> > euid?
> >
> > Signed-off-by: Peter Moody <pmoody at google.com>
> > Signed-off-by: Eric Paris <eparis at redhat.com>
> > ---
>
> I broke this into a separate patch and didn't try to use the 'helper'
> function. Using the helper would be wrong since the comparison was not
> supposed to involve fs objects. Thus things which were passing it a
> task_struct and offset as the second pointer were walking the
> audit_names list dereferencing some random distance (distance of
> loginuid inside a task_struct) from the found name and using that memory
> location as a uid. Opps.
>
Whoops.
thanks for this Eric.
Cheers,
peter
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20120104/7e66ab71/attachment.htm>
More information about the Linux-audit
mailing list