[PATCH] libaudit.c - add entry list check for the path filter
Michael C Thompson
thompsmc at us.ibm.com
Thu May 18 14:23:09 UTC 2006
The auditctl filter "path" is only valid on the exit filter list, and
the current version of auditctl does not perform this sanity check.
Other values filter options which are required to be on the exit list
have this sanity-check mechanism.
Below is a patch which adds this sanity check for the "path" filter keyword.
Thanks,
Mike
---
Signed-off-by: Michael Thompson <thompsmc at us.ibm.com>
--- audit-1.2.2-orig/lib/libaudit.c 2006-04-16 08:57:11.000000000 -0500
+++ audit-1.2.2/lib/libaudit.c 2006-05-17 14:56:55.000000000 -0500
@@ -952,6 +952,10 @@
case AUDIT_SE_SEN:
case AUDIT_SE_CLR:
case AUDIT_WATCH:
+ /* Watch is invalid on entry */
+ if ((flags == AUDIT_FILTER_ENTRY) &&
+ (field == AUDIT_WATCH))
+ return -7;
rule->values[rule->field_count] = strlen(v);
offset = rule->buflen;
rule->buflen += strlen(v);
More information about the Linux-audit
mailing list