On Saturday, March 15, 2014 07:28:46 PM Richard Guy Briggs wrote: > I'm inclined to go get_task_comm() in all 5 locations, but if we care > more about locking overhead, I'll switch to memcpy(). > > Steve, do we care about the integrity of the comm field?
In the case of interpreters, its about the only thing we know about the application being executed. For example, a shell script will have exe=/bin/sh, so comm= is our only clue. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
