[RESEND PATCH 1/2] MIPS syscall auditing patches
Richard Guy Briggs
rgb at redhat.com
Thu Apr 3 15:13:36 UTC 2014
On 14/04/03, David Woodhouse wrote:
> On Thu, 2014-04-03 at 11:32 +0200, Ralf Baechle wrote:
> The __AUDIT_ARCH_64BIT flag does allow you to distinguish between 32-bit
> and 64-bit system calls on architectures where you can't tell them apart
> by syscall number alone (e.g. S390?). But even that isn't really needed
> on MIPS because the syscall number tells you *everything* you need to
> know, doesn't it?
That hadn't even occured to me. So, why not use O32, N32 and 64 flags
and just take mod 1000 of the syscall number and use a 64-bit mask? Or
drop the 3 arch flags and just identify the arch from the syscall number
range alone?
> David Woodhouse Open Source Technology Centre
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list