On Sun, 18 Feb 2007 04:01:27 +0000 Al Viro <[EMAIL PROTECTED]> wrote:
> Misc audit patches (resend again...); the most intrusive one is AUDIT_FD_PAIR, > allowing to log descriptor numbers from syscalls that do not return them in > usual way (i.e. pipe() and socketpair()). It took some massage of > the failure exits in sys_socketpair(); the rest is absolutely trivial. > Please, pull from > git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current.git/ audit.b37 Please send patches to the list for review if practical? In this case it was. I trust davem has had a look at the non-trivial changes to sys_socketpair(). Looking at the changes to audit_receive_msg(): if (sid) { if (selinux_sid_to_string( sid, &ctx, &len)) { audit_log_format(ab, " ssid=%u", sid); /* Maybe call audit_panic? */ } else audit_log_format(ab, " subj=%s", ctx); kfree(ctx); } This is assuming that selinux_sid_to_string() always initialises `ctx'. But AFAICT there are two error paths in security_sid_to_context() which forget to do that, so we end up doing kfree(uninitialised-local). I'd consider that a shortcoming in security_sid_to_context(), so not a problem in this patch, as long as people agree with my blaming above. The coding style in there is a bit odd-looking. The new __audit_fd_pair() has unneeded braces in it. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/