kernel-ark/kernel
Eric Paris 4b8a311bb1 [PATCH] arch filter lists with < or > should not be accepted
Currently the kernel audit system represents archs as numbers and will
gladly accept comparisons between archs using >, <, >=, <= when the only
thing that makes sense is = or !=.  I'm told that the next revision of
auditctl will do this checking but this will provide enforcement in the
kernel even for old userspace.  A simple command to show the issue would
be to run

auditctl -d entry,always -F arch>i686 -S chmod

With this patch the kernel will reject this with -EINVAL.

Please comment/ack/nak as soon as possible.

-Eric

 kernel/auditfilter.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-10-04 08:31:16 -04:00
irq
power [PATCH] namespaces: utsname: use init_utsname when appropriate 2006-10-02 07:57:21 -07:00
time
.gitignore
acct.c
audit.c
audit.h
auditfilter.c [PATCH] arch filter lists with < or > should not be accepted 2006-10-04 08:31:16 -04:00
auditsc.c
capability.c
compat.c [PATCH] BLOCK: Revert patch to hack around undeclared sigset_t in linux/compat.h 2006-10-02 08:03:31 -07:00
configs.c
cpu.c
cpuset.c
delayacct.c
dma.c [PATCH] kernel-doc for kernel/dma.c 2006-10-03 08:03:41 -07:00
exec_domain.c
exit.c [PATCH] namespaces: exit_task_namespaces() invalidates nsproxy 2006-10-02 07:57:21 -07:00
extable.c
fork.c [PATCH] IPC namespace - utils 2006-10-02 07:57:22 -07:00
futex_compat.c
futex.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
hrtimer.c
itimer.c
kallsyms.c [PATCH] Create kallsyms_lookup_size_offset() 2006-10-03 08:03:41 -07:00
Kconfig.hz
Kconfig.preempt
kexec.c
kfifo.c
kmod.c [PATCH] introduce kernel_execve 2006-10-02 07:57:23 -07:00
kprobes.c [PATCH] kretprobe spinlock deadlock patch 2006-10-02 07:57:16 -07:00
ksysfs.c
kthread.c
latency.c
lockdep_internals.h
lockdep_proc.c
lockdep.c [PATCH] namespaces: utsname: use init_utsname when appropriate 2006-10-02 07:57:21 -07:00
Makefile [PATCH] namespaces: utsname: implement utsname namespaces 2006-10-02 07:57:21 -07:00
module.c [PATCH] Create kallsyms_lookup_size_offset() 2006-10-03 08:03:41 -07:00
mutex-debug.c
mutex-debug.h
mutex.c
mutex.h
nsproxy.c [PATCH] nsproxy cloning error path fix 2006-10-02 07:57:22 -07:00
panic.c
params.c
pid.c [PATCH] introduce get_task_pid() to fix unsafe get_pid() 2006-10-02 07:57:25 -07:00
posix-cpu-timers.c
posix-timers.c fix file specification in comments 2006-10-03 23:01:26 +02:00
printk.c
profile.c
ptrace.c
rcupdate.c
rcutorture.c rcutorture: Fix incorrect description of default for nreaders parameter 2006-10-03 23:26:16 +02:00
relay.c
resource.c [PATCH] kernel-doc for kernel/resource.c 2006-10-03 08:03:41 -07:00
rtmutex_common.h
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c
rtmutex.c
rtmutex.h
rwsem.c
sched.c [PATCH] scheduler: NUMA aware placement of sched_group_allnodes 2006-10-03 08:04:07 -07:00
seccomp.c
signal.c [PATCH] usb: fixup usb so it uses struct pid 2006-10-02 07:57:15 -07:00
softirq.c
softlockup.c
spinlock.c
stacktrace.c
stop_machine.c
sys_ni.c
sys.c [PATCH] replace cad_pid by a struct pid 2006-10-02 07:57:25 -07:00
sysctl.c [PATCH] replace cad_pid by a struct pid 2006-10-02 07:57:25 -07:00
taskstats.c
time.c
timer.c
tsacct.c
uid16.c
unwind.c
user.c
utsname.c [PATCH] namespaces: utsname: implement CLONE_NEWUTS flag 2006-10-02 07:57:22 -07:00
wait.c
workqueue.c remove duplicate "until" from kernel/workqueue.c 2006-10-03 23:07:31 +02:00