[PATCH] arch filter lists with < or > should not be accepted
Eric Paris authored

Currently the kernel audit system represents archs as numbers and will
gladly accept comparisons between archs using >, <, >=, <= when the only
thing that makes sense is = or !=.  I'm told that the next revision of
auditctl will do this checking but this will provide enforcement in the
kernel even for old userspace.  A simple command to show the issue would
be to run

auditctl -d entry,always -F arch>i686 -S chmod

With this patch the kernel will reject this with -EINVAL.

Please comment/ack/nak as soon as possible.

-Eric

 kernel/auditfilter.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
4b8a311b
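The check the message describes, written out as an added stand-alone example (this is not the kernel's own code from auditfilter.c and not part of the commit). It models how a rule field arrives from userspace as one word carrying the field type plus operator bits, decodes it the way the kernel keeps it, normalises the legacy AUDIT_NEGATE encoding, and then rejects any ordering or bit-test operator on an arch field with -EINVAL while still allowing them on ordered numeric fields such as uid. The AUDIT_* operator bits, field numbers and the AUDIT_ARCH_I386 value are assumed to match what include/linux/audit.h defines; they are redefined locally so the example builds without kernel headers.

```c
/*
 * Added example (not kernel code): per-field operator validation for
 * audit filter rules, showing why arch only accepts = and !=.
 *
 * The constants below are assumed to mirror include/linux/audit.h; they
 * are defined here so the program builds without kernel headers.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define AUDIT_NEGATE                0x80000000u
#define AUDIT_BIT_MASK              0x08000000u
#define AUDIT_LESS_THAN             0x10000000u
#define AUDIT_GREATER_THAN          0x20000000u
#define AUDIT_NOT_EQUAL             0x30000000u
#define AUDIT_EQUAL                 0x40000000u
#define AUDIT_BIT_TEST              (AUDIT_BIT_MASK | AUDIT_EQUAL)
#define AUDIT_LESS_THAN_OR_EQUAL    (AUDIT_LESS_THAN | AUDIT_EQUAL)
#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN | AUDIT_EQUAL)
#define AUDIT_OPERATORS             (AUDIT_EQUAL | AUDIT_NOT_EQUAL | AUDIT_BIT_MASK)

/* field type numbers (assumed from linux/audit.h) */
#define AUDIT_PID   0
#define AUDIT_UID   1
#define AUDIT_ARCH  11

/* arch identifier for i386: EM_386 | __AUDIT_ARCH_LE (assumed value) */
#define AUDIT_ARCH_I386 0x40000003u

/* decoded form of one rule field, as the kernel keeps it */
struct audit_field {
    uint32_t type;   /* which attribute: AUDIT_ARCH, AUDIT_UID, ... */
    uint32_t val;    /* value to compare against */
    uint32_t op;     /* comparison operator, one of the AUDIT_* bits */
};

/*
 * Split a raw field word (type | operator bits) and its value into an
 * audit_field, normalise the legacy NEGATE encoding, then apply the
 * per-type operator check.  Returns 0 on success, -EINVAL on rejection.
 */
int audit_decode_field(uint32_t raw, uint32_t value, struct audit_field *f)
{
    f->op   = raw & (AUDIT_NEGATE | AUDIT_OPERATORS);
    f->type = raw & ~(AUDIT_NEGATE | AUDIT_OPERATORS);
    f->val  = value;

    /* legacy encodings: NEGATE alone means !=, no operator bits means = */
    if (f->op & AUDIT_NEGATE)
        f->op = AUDIT_NOT_EQUAL;
    else if (f->op == 0)
        f->op = AUDIT_EQUAL;
    else if (f->op == AUDIT_OPERATORS)
        return -EINVAL;          /* every operator bit set is meaningless */

    switch (f->type) {
    case AUDIT_ARCH:
        /* arch is an opaque identifier, not an ordered quantity:
         * "arch>i686" has no meaning, so only = and != are accepted */
        if (f->op != AUDIT_EQUAL && f->op != AUDIT_NOT_EQUAL)
            return -EINVAL;
        break;
    case AUDIT_PID:
    case AUDIT_UID:
        /* ordered numeric fields: <, >, <=, >= are legitimate */
        break;
    default:
        return -EINVAL;          /* unknown field type */
    }
    return 0;
}

/* convenience wrappers: status only, or the normalised operator (0 on reject) */
int audit_field_status(uint32_t raw, uint32_t value)
{
    struct audit_field f;
    return audit_decode_field(raw, value, &f);
}

uint32_t audit_field_op(uint32_t raw, uint32_t value)
{
    struct audit_field f;
    return audit_decode_field(raw, value, &f) == 0 ? f.op : 0;
}

int main(void)
{
    /* constructed rule fields; the first is what "-F arch>i686" produces */
    struct { const char *desc; uint32_t raw; uint32_t val; } cases[] = {
        { "arch>i686 (rejected)",    AUDIT_ARCH | AUDIT_GREATER_THAN, AUDIT_ARCH_I386 },
        { "arch=i686",               AUDIT_ARCH | AUDIT_EQUAL,        AUDIT_ARCH_I386 },
        { "arch!=i686 (legacy bit)", AUDIT_ARCH | AUDIT_NEGATE,       AUDIT_ARCH_I386 },
        { "arch&=i686 (rejected)",   AUDIT_ARCH | AUDIT_BIT_TEST,     AUDIT_ARCH_I386 },
        { "uid>1000",                AUDIT_UID  | AUDIT_GREATER_THAN, 1000 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s -> %s\n", cases[i].desc,
               audit_field_status(cases[i].raw, cases[i].val) == 0
                   ? "accepted" : "rejected (-EINVAL)");
    return 0;
}
```

The decode step mirrors the shape of the kernel's rule loading (operator bits are masked out of the field word before the type is switched on), which is why the arch check has to sit in the per-type switch: by the time the operator is known, legacy NEGATE-only rules have already been mapped to != and are still accepted, so old userspace that never used ordering operators keeps working.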