[PATCH v2] s390: ensure that syscall arguments are properly masked on s390

From: Paul Moore When executing s390 code on s390x the syscall arguments are not properly masked, leading to some malformed audit records. Signed-off-by: Paul Moore --- arch/s390/kernel/ptrace.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/s390/kernel/p

Re: [PATCH v2] s390: ensure that syscall arguments are properly masked on s390

On Mon, Jun 27, 2016 at 10:34 AM, Paul Moore wrote: > From: Paul Moore > > When executing s390 code on s390x the syscall arguments are not > properly masked, leading to some malformed audit records. > > Signed-off-by: Paul Moore > --- > arch/s390/kernel/ptrace.c | 10 +++--- > 1 file chan

Re: [PATCH v4] audit: add fields to exclude filter by reusing user filter

On Fri, Jun 24, 2016 at 4:35 PM, Richard Guy Briggs wrote: > RFE: add additional fields for use in audit filter exclude rules > https://github.com/linux-audit/audit-kernel/issues/5 > > Re-factor and combine audit_filter_type() with audit_filter_user() to > use audit_filter_user_rules() to enable t

Re: [PATCH] audit: catch errors from audit_filter_rules field checks

On Thu, Jun 16, 2016 at 5:07 PM, Paul Moore wrote: > On Tue, Jun 14, 2016 at 5:03 PM, Richard Guy Briggs wrote: >> In the case of an error returned from a field check in an audit filter >> syscall rule, it is treated as a match and the rule action is honoured. >> >> This could cause a rule with a

Reset the LDFLAGS and building helper executables

Hello, When enabling the hardening flags on debian (adding bindnow and PIE) I get the following message: gcc -DHAVE_CONFIG_H -I. -I../../../lib -I.. -I. -I../../.. -I../../../auparse '-DTABLE_H="actiontab.h"' -g -O2 -c -o gen_actiontabs_h-gen_tables.o `test -f 'gen_tables.c' || echo '../.

Re: [PATCH v4] audit: add fields to exclude filter by reusing user filter

On 2016-06-27 11:18, Paul Moore wrote: > On Fri, Jun 24, 2016 at 4:35 PM, Richard Guy Briggs wrote: > > RFE: add additional fields for use in audit filter exclude rules > > https://github.com/linux-audit/audit-kernel/issues/5 > > > > Re-factor and combine audit_filter_type() with audit_filter_user

Re: Report Double Fetch Bug Found in Linux-4.6.1/kernel/auditsc.c

On Wed, Jun 22, 2016 at 5:57 AM, Pengfei Wang wrote: > Agreed, buffer the string at the first round and use it instead of recopying > it a second time from user space would keep it safe, which is the easiest way > I > think. Please fix it, thanks! FYI: I've created a new issue on GitHub to track

Re: Reset the LDFLAGS when building helper executables

Le 27/06/16 à 22:08, Laurent Bigonville a écrit : Hello, When enabling the hardening flags on debian (adding bindnow and PIE) I get the following message: gcc -DHAVE_CONFIG_H -I. -I../../../lib -I.. -I. -I../../.. -I../../../auparse '-DTABLE_H="actiontab.h"' -g -O2 -c -o gen_actiontabs_h-