On Thu, Sep 28, 2006 at 05:46:21PM -0400, Eric Paris wrote:
> Currently the kernel audit system represents arch's as numbers and will
> gladly accept comparisons between archs using >, <, >=, <= when the only
> thing that makes sense is = or !=. I'm told that the next revision of
> auditctl will do this checking but this will provide enforcement in the
> kernel even for old userspace. A simple command to show the issue would
> be to run
>
> auditctl -d entry,always -F arch>i686 -S chmod
>
> with this patch the kernel will reject this with -EINVAL
>
> Please comment/ack/nak as soon as possible.

ACK
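
A userspace model of the check described in the quoted message, added here as an example; it is not the patch under discussion and not kernel code. The names `check_filter`, `split_filter` and `enum cmp_op` are hypothetical, and the sample filters are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for this example, not the kernel's AUDIT_* constants. */
enum cmp_op { OP_NONE, OP_EQ, OP_NE, OP_LT, OP_LE, OP_GT, OP_GE };

/* Split "field<op>value" as given to auditctl -F; returns the operator and
 * copies the field name. Two-character operators are matched first so that
 * ">=" is not read as ">" followed by "=value". */
static enum cmp_op split_filter(const char *expr, char *field, size_t flen)
{
    static const struct { const char *tok; enum cmp_op op; } ops[] = {
        { "!=", OP_NE }, { "<=", OP_LE }, { ">=", OP_GE },
        { "=", OP_EQ }, { "<", OP_LT }, { ">", OP_GT },
    };
    size_t n = strcspn(expr, "!<>=");   /* field name ends at first operator char */
    if (n == 0 || n >= flen || expr[n] == '\0')
        return OP_NONE;
    memcpy(field, expr, n);
    field[n] = '\0';
    for (size_t i = 0; i < sizeof(ops) / sizeof(ops[0]); i++) {
        size_t len = strlen(ops[i].tok);
        if (strncmp(expr + n, ops[i].tok, len) == 0)
            return expr[n + len] ? ops[i].op : OP_NONE;  /* value must be non-empty */
    }
    return OP_NONE;
}

/* Returns 0 if the filter is acceptable, -EINVAL otherwise. */
int check_filter(const char *expr)
{
    char field[32];
    enum cmp_op op = split_filter(expr, field, sizeof(field));
    if (op == OP_NONE)
        return -EINVAL;
    /* An arch is an identifier, not a magnitude: only = and != are meaningful. */
    if (strcmp(field, "arch") == 0 && op != OP_EQ && op != OP_NE)
        return -EINVAL;
    return 0;
}

int main(void)
{
    const char *samples[] = { "arch>i686", "arch=i686", "arch!=i686", "uid>=500" }; /* constructed */
    for (size_t i = 0; i < 4; i++)
        printf("%-12s -> %d\n", samples[i], check_filter(samples[i]));
    return 0;
}
```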
