[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Incorrect value of ptrace's 4th argument on zSeries




Hey all,

I've found an issue with the logging of the value of the 4th argument of the ptrace syscall.

The call is: ptrace(PTRACE_TRACEME,0,0,0)   and  ptrace(PTRACE_KILL,1,0,0) the value of the 4th argument, that is the 0, is logged as the following:

type=SYSCALL msg=audit(1140022035.377:246959): arch=16 syscall=26 success=yes exit=0 a0=0 a1=0 a2=0 a3=20000000000 items=0 pid=5236 auid=500 uid=501 gid=501 euid=501 suid=0 fsuid=501 egid=501 sgid=0 fsgid=501 comm="ptrace_test" exe="/rhcc/lspp/tests/LTP/ltp-merged/testcases/audit/syscalls/ptrace_test"

As you can see, a3 is logged as "a3=20000000000".

I am not sure if this extends to other syscalls, but this issue makes logging with specific argument values challenging at best.

Mike
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]