[RFC][PATCH] (#2) Prelim in-kernel file system auditing support
Chris Wright
chrisw at osdl.org
Tue Jan 25 19:20:51 UTC 2005
* Serge Hallyn (serue at us.ibm.com) wrote:
> But you're looking up the parent of the file. So if you call
> audit_insert_watch("/.autofsck"); then nd will be the nameidata for '/'.
> You're going to check that the parent is not '/', whereas before you
> were checking that the file is not '/'. Clearly you want the latter.
>
> That's not to say the strcmp(path, "/') will be acceptable upstream,
> though.
No, it's not. It also doesn't mean much. Think "///", or "../../../".
These are user strings. If it's an issue, better compare against
something sane like resolved internal data structure.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
More information about the Linux-audit
mailing list