[RFC][PATCH] (#6 U1) the latest incarnation

Timothy R. Chavez tinytim at us.ibm.com
Thu Mar 24 20:55:56 UTC 2005


On Thursday 24 March 2005 10:28 am, Stephen Smalley wrote:
> On Wed, 2005-03-23 at 14:22 -0600, Timothy R. Chavez wrote:
> > This is the latest patch.
>
> Other comments:
>
> - As it stands with your patch, alloc_inode() will leak memory if
> audit_inode_alloc() succeeds but security_inode_alloc() fails because
> nothing frees the audit data on the error handling path for that case.

Is this too bold of a statement:

fs/inode.c: inode_alloc

if (audit_inode_alloc(inode) && security_inode_alloc(inode)) {
	....
}

I figure that if either is unsuccessful, we're probably not in any shape to 
audit anyway... and vice versa.  Is this a reasonable assumption?  Or is it 
too assertive?

-tim
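
The leak described in the quoted review, and the combined test asked about above, modelled in user space as an added example (not code from the patch or from anyone in this thread). It assumes both hooks return 0 on success and a negative errno on failure; `i_audit`, `audit_inode_free()`, `alloc_combined()` and `alloc_unwind()` are hypothetical names, and the security hook is a stub.

```c
#include <errno.h>
#include <stdlib.h>
struct inode { void *i_audit; };   /* i_audit is an assumed field name */
static int live_allocs, fail_security; /* leak counter; 1 fails the security hook */

static int audit_inode_alloc(struct inode *inode)
{
	inode->i_audit = malloc(16);
	live_allocs += (inode->i_audit != NULL);
	return inode->i_audit ? 0 : -ENOMEM;
}

static void audit_inode_free(struct inode *inode)
{
	/* assumed counterpart to audit_inode_alloc(); not shown on the page */
	live_allocs -= (inode->i_audit != NULL);
	free(inode->i_audit);
	inode->i_audit = NULL;
}

static int security_inode_alloc(struct inode *inode)
{
	(void)inode; /* stub: allocates nothing */
	return fail_security ? -ENOMEM : 0;
}

/* Combined test: the error path cannot tell which hook failed. */
static int alloc_combined(struct inode *inode)
{
	if (audit_inode_alloc(inode) || security_inode_alloc(inode))
		return -ENOMEM; /* i_audit leaks if only the second failed */
	return 0;
}

/* Unwinding form: free the audit data when the second hook fails. */
static int alloc_unwind(struct inode *inode)
{
	int err = audit_inode_alloc(inode);
	if (!err && (err = security_inode_alloc(inode)) != 0)
		audit_inode_free(inode);
	return err;
}

int main(void)
{
	struct inode a = {0}, b = {0};
	fail_security = 1;
	alloc_combined(&a); /* live_allocs == 1 here: the leak */
	audit_inode_free(&a);
	return alloc_unwind(&b) == -ENOMEM && live_allocs == 0 ? 0 : 1;
}
```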