Here are some issues with the code:
- It thinks that syscalls have four arguments.
- It's a performance disaster.
- It assumes that syscall numbers are between 0 and 2048.
- It's unclear whether it's supposed to be reliable.
- It's broken on things like x32.
- It can't support ARM OABI.
- Its approach to memory allocation is terrifying.
I considered marking it BROKEN, but that might be too harsh.
Signed-off-by: Andy Lutomirski <l...@amacapital.net>
---
init/Kconfig | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index 9d3585b..4584f8a 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -296,13 +296,16 @@ config HAVE_ARCH_AUDITSYSCALL
bool
config AUDITSYSCALL
- bool "Enable system-call auditing support"
- depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
+ bool "Enable system-call auditing support (not recommended)"
+ depends on AUDIT && HAVE_ARCH_AUDITSYSCALL && STAGING
default y if SECURITY_SELINUX
help
- Enable low-overhead system-call auditing infrastructure that
- can be used independently or with another kernel subsystem,
- such as SELinux.
+ Enable system-call auditing infrastructure that can be used
+ independently or with another kernel subsystem, such as
+ SELinux.
+
+ AUDITSYSCALL has serious performance and correctness issues.
+ Use it with extreme caution.
config AUDIT_WATCH
def_bool y
--
1.9.3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
