On Wed, Jan 4, 2012 at 12:55 PM, Eric Paris <[email protected]> wrote:
> On Wed, 2012-01-04 at 15:47 -0500, Eric Paris wrote:
> > This allows audit to specify rules in which we compare two fields of a
> > process. Such as is the running process uid != to the running process
> > euid?
> >
> > Signed-off-by: Peter Moody <[email protected]>
> > Signed-off-by: Eric Paris <[email protected]>
> > ---
>
> I broke this into a separate patch and didn't try to use the 'helper'
> function. Using the helper would be wrong since the comparison was not
> supposed to involve fs objects. Thus things which were passing it a
> task_struct and offset as the second pointer were walking the
> audit_names list dereferencing some random distance (distance of
> loginuid inside a task_struct) from the found name and using that memory
> location as a uid. Oops.
>

Whoops. Thanks for this, Eric.

Cheers,
peter

--
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
