On Tue, 2009-04-07 at 11:34 -0400, Paul Moore wrote: > Does anyone have any thoughts?
I remember debugging an issue with the incorrect return value being audited for a syscall. It was s390[x] specific and only occurred with successful execve() syscalls. This behavior was pointed out with the open-source common-criteria testsuite that checked each security-relevant syscalls for parameters, return values, args etc.. I didn't give much important to those since execve() return value is really not that important if the call succeeds ;-) But now I'm curious to what other problems related to syscalls return values you've found, and how those weren't caught by the same set of tests (hmm, maybe they are x86-specific?) Can you give us some examples? Thanks, -Klaus -- Klaus Heinrich Kiwi <[email protected]> Linux Security Development, IBM Linux Technology Center -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
