Hi (primarily Eric and Steve),
In audit_log_end(), nlh->nlmsg_len is incorrectly set:
nlh->nlmsg_len = ab->skb->len - NLMSG_HDRLEN;
Since this is a known bug and anticipated by userspace, we can't change
it without disrupting userspace or somehow synchronizing a fix between
the two.
The function audit_make_reply() also generates netlink messges for
userspace, indirectly called by audit_receive_msg() cases:
AUDIT_GET
AUDIT_SIGNAL_INFO
AUDIT_TTY_GET
AUDIT_LIST_RULES
AUDIT_GET_FEATURE
It doesn't make the same nlmsg_len change above.
Should it, to be consistent, or does userspace already know about those
being correct?
The userspace->kernel direction has recently been updated to fix all the
cases, I think.
- RGB
--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
