On Thursday 17 May 2007 11:23, Klaus Weidner wrote: > > So, way back over at syscall entry would be the time to notice this > > problem instead of here. If we are concerned about this, it might be a > > general control feature like enable/disable, fail mode, or backlog. We > > could make something to report out of range syscalls. > > Can we agree to do just the simple fix for this issue for now, and maybe > revisit adding additional sanity checks later if people think they are > helpful?
Certainly. The patch as submitted is fine and Al ack'ed it. I was thinking we should have one more cleanup as a separate patch at some point that catches this at syscall entry and allows ignore/printk/panic selection just like the fail option for the audit system does. In the case of ignore (which would be default), your patch is needed. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
