
Re: [PATCH 5/5] audit: comparison on interprocess fields

On Wed, Jan 4, 2012 at 12:55 PM, Eric Paris <eparis redhat com> wrote:
On Wed, 2012-01-04 at 15:47 -0500, Eric Paris wrote:
> This allows audit to specify rules in which we compare two fields of a
> process.  Such as is the running process uid != to the running process
> euid?
> Signed-off-by: Peter Moody <pmoody google com>
> Signed-off-by: Eric Paris <eparis redhat com>
> ---

I broke this into a separate patch and didn't try to use the 'helper'
function.  Using the helper would be wrong since the comparison was not
supposed to involve fs objects.  Thus things which were passing it a
task_struct and offset as the second pointer were walking the
audit_names list dereferencing some random distance (distance of
loginuid inside a task_struct) from the found name and using that memory
location as a uid.  Oops.


Thanks for this, Eric.


Peter Moody      Google    1.650.253.7306    
Security Engineer  pgp:0xC3410038
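
The failure mode described in the message above, as an added user-space C model that is not the kernel patch or any code from this thread: a helper that reads a field at a byte offset from each entry of a name list is only correct when the offset was computed against that entry's type. The struct layouts, field sizes and function names are simplified assumptions.

```c
#include <stddef.h>
#include <string.h>

typedef unsigned int uid_t32;

/* Simplified stand-ins (assumptions), not the kernel's definitions. */
struct name_entry {            /* models one entry on the audit_names list */
    struct name_entry *next;
    uid_t32 uid;               /* owner of the fs object */
};

struct task {                  /* models a task_struct */
    char comm[64];
    uid_t32 uid, euid, loginuid;
};

/* Offset-based helper intended for fs objects: compare `id` with the
 * field found `name_off` bytes into each name entry.
 * Returns 1 on a match, 0 on no match, -1 if the offset is rejected. */
int compare_id_with_names(uid_t32 id, const struct name_entry *list,
                          size_t name_off)
{
    /* Defensive bound added for this example (not the fix taken in the
     * thread): an offset computed against a different struct, such as
     * offsetof(struct task, loginuid), would read past the name entry
     * and treat whatever memory is there as a uid. */
    if (name_off > sizeof(struct name_entry) - sizeof(uid_t32))
        return -1;
    for (const struct name_entry *n = list; n; n = n->next) {
        uid_t32 field;
        memcpy(&field, (const char *)n + name_off, sizeof(field));
        if (field == id)
            return 1;
    }
    return 0;
}

/* Interprocess comparison kept on its own path, as the message describes:
 * both fields come from the same task, so no name list and no offset
 * arithmetic are involved. */
int task_uid_differs_from_euid(const struct task *t)
{
    return t->uid != t->euid;
}
```

The bound only rejects offsets that fall outside the entry; it does not prove the offset names a uid field, which is why keeping task-to-task comparisons away from the name-list helper is the sounder design.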
