On Wed, 2014-04-16 at 14:02 +1000, Stephen Rothwell wrote:
You could have avoided this by doing a fast forward merge of v3.15-rc1
instead of the v3.14 merge (since everything in your tree before that
merge was also in Linus' tree by v3.15-rc1).
This is a situation I've never really known the
)
AKASHI Takahiro (2):
audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL
audit: Add generic compat syscall support
Chris Metcalf (1):
AUDIT: make audit_is_compat depend on CONFIG_AUDIT_COMPAT_GENERIC
Eric Paris (7):
audit: include subject
to the MIPS people. I hope
that you can apply it as part of the merge itself...
On Thu, 2014-04-10 at 19:53 -0400, Eric Paris wrote:
Linus,
Please pull the audit tree for v3.15. You will have merge conflicts.
I'll publish my branch merge-test where I attempted to resolve them
the way you
A tad more information. I did a build of-rc1 with the GPIO_ICH module built in
so I could use addr2line to help you run it down. No idea if this is actually
useful for you...
$ addr2line --inline --exe=vmlinux 813fc4e0
/storage/kernel/ichx-rebase/drivers/gpio/gpio-ich.c:388
an...@tomt.net
Reported-by: Adam Richter adam_richter2...@yahoo.com
Signed-off-by: Eric Paris epa...@redhat.com
---
kernel/audit.c | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 3392d3e..95a20f3 100644
--- a/kernel/audit.c
On Wed, 2014-04-02 at 14:12 -0400, Mimi Zohar wrote:
On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb wrote:
Hello Mimi,
On Wednesday, April 02, 2014 01:39:47 PM Mimi Zohar wrote:
This change is already being upstreamed as commit 73a6b44 Integrity:
Pass commname via get_task_comm().
On Fri, 2014-07-11 at 12:11 -0400, Paul Moore wrote:
On Thursday, July 10, 2014 09:06:02 PM H. Peter Anvin wrote:
Incidentally: do seccomp users know that on an x86-64 system you can
recevie system calls from any of the x86 architectures, regardless of
how the program is invoked? (This is
On Fri, 2014-07-11 at 12:21 -0400, Paul Moore wrote:
On Friday, July 11, 2014 12:16:47 PM Eric Paris wrote:
On Fri, 2014-07-11 at 12:11 -0400, Paul Moore wrote:
On Thursday, July 10, 2014 09:06:02 PM H. Peter Anvin wrote:
Incidentally: do seccomp users know that on an x86-64 system you
On Fri, 2014-07-11 at 12:32 -0400, Paul Moore wrote:
On Friday, July 11, 2014 12:23:33 PM Eric Paris wrote:
On Fri, 2014-07-11 at 12:21 -0400, Paul Moore wrote:
On Friday, July 11, 2014 12:16:47 PM Eric Paris wrote:
On Fri, 2014-07-11 at 12:11 -0400, Paul Moore wrote:
On Thursday
won't get them in any other task either.
Signed-off-by: Eric Paris epa...@redhat.com
Cc: Andrew Vagin ava...@openvz.org
Cc: Andrew G. Morgan mor...@kernel.org
Cc: Serge E. Hallyn serge.hal...@canonical.com
Cc: Kees Cook keesc...@chromium.org
Cc: Steve Grubb sgr...@redhat.com
Cc: Dan Walsh dwa
On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote:
On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
Convert audit from only listening in init_net to use
register_pernet_subsys()
to dynamically manage the netlink socket list.
Signed-off-by: Richard Guy Briggs r...@redhat.com
---
On Fri, 2013-12-20 at 10:46 +0800, Gao feng wrote:
On 12/20/2013 02:40 AM, Eric Paris wrote:
On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote:
On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
we have to store audit_sock
into auditns(auditns will be passed to kauditd_send_skb
Do you have a backtrace?
On Wed, Aug 13, 2014 at 8:30 AM, Al Viro v...@zeniv.linux.org.uk wrote:
On Wed, Aug 13, 2014 at 05:04:13PM +0530, shivnanda...@samsung.com wrote:
From: Shivnandan Kumar shivnanda...@samsung.com
List element was freed by inode_free_security and then it uses rcu
.
This lets 'capsh --caps=all=eip -- -c /bin/bash' run.
4) mask out undefined bit when we read a file capability off of disk as
again likely all bits are set in the xattr for forward/backward
compatibility.
This lets 'setcap all+pe /bin/bash; /bin/bash' run
Signed-off-by: Eric
On Wed, 2014-07-23 at 13:46 -0700, Andy Lutomirski wrote:
On 07/23/2014 12:36 PM, Eric Paris wrote:
This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744
plus fixing it a different way...
You sent something like this a couple days ago. What changed?
right when I sent
need to do is get that
now useless junk off the stack (pair of pops) and reload %eax with the
original syscall so other stuff can keep going about it's business.
Signed-off-by: Eric Paris epa...@redhat.com
Cc: Thomas Gleixner t...@linutronix.de
Cc: Ingo Molnar mi...@redhat.com
Cc: H. Peter Anvin h
On Thu, 2014-10-23 at 11:39 -0700, Andy Lutomirski wrote:
On 10/22/2014 09:04 PM, Eric Paris wrote:
git commit b4f0d3755c5e9cc86292d5fd78261903b4f23d4a was very very dumb.
It was writing over %esp/pt_regs semi-randomly on i686 with the expected
system can't boot results. As noted
On Thu, 2014-10-23 at 15:30 -0400, Eric Paris wrote:
On Thu, 2014-10-23 at 12:20 -0700, Andy Lutomirski wrote:
On Thu, Oct 23, 2014 at 12:15 PM, Eric Paris epa...@redhat.com wrote:
On Thu, 2014-10-23 at 11:39 -0700, Andy Lutomirski wrote:
On 10/22/2014 09:04 PM, Eric Paris wrote:
git
On Thu, 2014-10-23 at 12:20 -0700, Andy Lutomirski wrote:
On Thu, Oct 23, 2014 at 12:15 PM, Eric Paris epa...@redhat.com wrote:
On Thu, 2014-10-23 at 11:39 -0700, Andy Lutomirski wrote:
On 10/22/2014 09:04 PM, Eric Paris wrote:
git commit b4f0d3755c5e9cc86292d5fd78261903b4f23d4a was very
()
Burn Alting (1):
audit: invalid op= values for rules
Eric Paris (11):
audit: drop unused struct audit_rule definition
SH: define syscall_get_arch() for superh
UM: implement syscall_get_arch()
Alpha: define syscall_get_arch()
ARCH: AUDIT: implement
On Mon, 2014-10-20 at 16:25 -0400, Steve Grubb wrote:
On Thursday, October 02, 2014 11:06:51 PM Richard Guy Briggs wrote:
This is a part of Peter Moody, my and Eric Paris' work to implement
audit by executable name.
Does this patch set define an AUDIT_VERSION_SOMETHING and then set
On Tue, 2014-10-21 at 10:18 -0700, j...@joshtriplett.org wrote:
On Tue, Oct 21, 2014 at 08:37:00AM -0700, H. Peter Anvin wrote:
On 10/20/2014 02:48 PM, Pieter Smith wrote:
Many embedded systems will not need this syscall, and omitting it
saves space. Add a new EXPERT config option
Moore pmo...@redhat.com
Acked-by: Eric Paris epa...@redhat.com
---
MAINTAINERS |5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index c2066f4..86c24fd 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1689,10 +1689,11 @@ S:Supported
On Tue, 2014-10-21 at 17:56 -0400, Paul Moore wrote:
* Change the audit_status.version field comment in include/uapi/linux/audit.h
to /* audit functionality bitmap */, or similar. We can't really change
the
structure now, but the comment is fair game.
Trying to think how to do things
On Tue, 2014-10-21 at 17:08 -0400, Richard Guy Briggs wrote:
On 14/10/21, Steve Grubb wrote:
On Tuesday, October 07, 2014 03:03:14 PM Eric Paris wrote:
On Tue, 2014-10-07 at 14:23 -0400, Richard Guy Briggs wrote:
Log the event when a client attempts to connect to the netlink audit
That's really serious. Looking now.
On Wed, 2014-10-22 at 16:08 -0200, Paulo Zanoni wrote:
Hi
(Cc'ing everybody mentioned in the original patch)
I work for Intel, on our Linux Graphics driver - aka i915.ko - and our
QA team recently reported a regression on:
commit
On Wed, 2014-10-22 at 23:36 +0200, Thomas Gleixner wrote:
On Wed, 22 Oct 2014, Eric Paris wrote:
That's really serious. Looking now.
Indeed its serious. And it's even more serious as this masterpiece of
assembly wreckage was pulled in via your tree w/o having an acked-by
one of the x86
On Wed, 2014-10-22 at 14:43 -0700, H. Peter Anvin wrote:
On 10/22/2014 02:38 PM, Eric Paris wrote:
It was sent, numerous times, to the x86 list for reviews, and lived in
-next for 2 complete devel cycles without a complaint. I'm trying to
get an i386 system to test a fix. But yes, it's
On Wed, 2014-10-22 at 14:43 -0700, H. Peter Anvin wrote:
On 10/22/2014 02:38 PM, Eric Paris wrote:
It was sent, numerous times, to the x86 list for reviews, and lived in
-next for 2 complete devel cycles without a complaint. I'm trying to
get an i386 system to test a fix. But yes, it's
On Tue, 2014-10-07 at 14:23 -0400, Richard Guy Briggs wrote:
Log the event when a client attempts to connect to the netlink audit multicast
socket, requiring CAP_AUDIT_READ capability, binding to the
AUDIT_NLGRP_READLOG
group. Log the disconnect too.
Sample output:
time-Tue Oct 7
that
now useless junk off the stack (pair of pops) and reload %eax with the
original syscall so other stuff can keep going about it's business.
Reported-by: Paulo Zanoni przan...@gmail.com
Signed-off-by: Eric Paris epa...@redhat.com
Signed-off-by: Richard Guy Briggs r...@redhat.com
Cc
On Mon, 2014-10-27 at 10:02 -0700, H. Peter Anvin wrote:
On 10/27/2014 06:55 AM, Eric Paris wrote:
My patch was already committed to the -tip urgent branch. I believe any
optimization should be based on that branch, Richard. If you are trying
to wrangle every bit of speed out
On Mon, 2014-10-27 at 21:52 +0100, Thomas Gleixner wrote:
On Sun, 26 Oct 2014, Richard Guy Briggs wrote:
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index b553ed8..344b63f 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -447,15
On Thu, 2014-11-20 at 12:12 +, David Drysdale wrote:
[+linux-fsdevel, without the typo this time]
On Wed, Nov 19, 2014 at 8:30 PM, David Miller da...@davemloft.net wrote:
From: David Drysdale drysd...@google.com
Date: Tue, 18 Nov 2014 13:13:51 +
Hi folks,
It looks like the
On Fri, 2014-09-26 at 06:32 -0700, Guenter Roeck wrote:
On 09/26/2014 12:59 AM, Stefan Kristiansson wrote:
On Fri, Sep 26, 2014 at 08:30:57AM +0200, Geert Uytterhoeven wrote:
Hi Günther,
[cc openrisc]
On Thu, Sep 25, 2014 at 10:25 PM, Guenter Roeck li...@roeck-us.net wrote:
New
/openrisc/include/asm/syscall.h: In function 'syscall_get_arch':
./arch/openrisc/include/asm/syscall.h:77:9: error: 'EM_OPENRISC' undeclared
Fix by moving EM_OPENRISC to include/uapi/linux/elf-em.h.
Fixes: ce5d112827e5 (ARCH: AUDIT: implement syscall_get_arch for all arches)
Cc: Eric Paris epa
Why are you setting FAN_OPEN_PERM and then not responding to perm
requests? Of course the system is going to appear locked, until you
start responding to open events, remove that mark, or close the fanotify
fd...
-Eric
On Fri, 2014-12-26 at 19:40 +0100, Heinrich Schuchardt wrote:
Hello Ivo,
Finance Review,
http://www.critical-finance-review.org/
On Mon, Dec 29, 2014 at 7:13 AM, Eric Paris epa...@redhat.com wrote:
Why are you setting FAN_OPEN_PERM and then not responding to
perm
requests? Of course the system is going to appear locked,
until
On Mon, 2014-12-29 at 13:06 +0800, ivo welch wrote:
thank you, eric. will do. I read up on it above and now understand it
better.
Great let us know if it keeps giving you trouble!
the example in the man page seems somewhat misfortunate. I would use
an example that does not, by default,
On Thu, 2014-12-18 at 11:45 -0500, valdis.kletni...@vt.edu wrote:
On Tue, 16 Dec 2014 20:09:54 -0500, Valdis Kletnieks said:
Spotted these two while booting single-user on 20141216. 20141208
doesn't throw these, so it's something in the last week or so..
Gaah! Turns out that 20141208
On Thu, 2014-12-18 at 12:46 -0500, Richard Guy Briggs wrote:
On 14/12/18, Eric Paris wrote:
On Thu, 2014-12-18 at 11:45 -0500, valdis.kletni...@vt.edu wrote:
On Tue, 16 Dec 2014 20:09:54 -0500, Valdis Kletnieks said:
Spotted these two while booting single-user on 20141216. 20141208
On Thu, 2014-12-18 at 13:44 -0500, Richard Guy Briggs wrote:
On 14/12/18, Eric Paris wrote:
On Thu, 2014-12-18 at 12:46 -0500, Richard Guy Briggs wrote:
On 14/12/18, Eric Paris wrote:
On Thu, 2014-12-18 at 11:45 -0500, valdis.kletni...@vt.edu wrote:
On Tue, 16 Dec 2014 20:09:54
I haven't looked into it, but I'd place my first bet on the audit
multicast code...
Richard?
On Tue, 2014-12-16 at 20:09 -0500, Valdis Kletnieks wrote:
Not sure who's to blame here, but I'm tending towards selinux based on
who was holding the locks...
Spotted these two while booting
On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote:
Re-factor audit_rule_change() to reduce the amount of code redundancy and
simplify the logic.
Signed-off-by: Richard Guy Briggs r...@redhat.com
---
kernel/auditfilter.c | 20 +++-
1 files changed, 7
On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote:
New tree rules copy the path twice and discard the intermediary copy.
This saves one pointer at the expense of one path string copy.
Signed-off-by: Richard Guy Briggs r...@redhat.com
---
kernel/audit_tree.c |9 +
On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote:
When parent has just been created there is no need to search for the parent in
the list. Add a parameter to skip the search
Since the parent was just allocated, and thus has an empty list, this
search is just as fast as the check
Having a hard time convincing myself of the next 2... Doesn't mean
they're wrong or bad, but my brain isn't seeing it today...
On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote:
Remove extra layer of audit_{get,put}_watch() calls.
Signed-off-by: Richard Guy Briggs r...@redhat.com
[adding paul and richard]
On Tue, 2014-11-04 at 11:27 +0100, Miklos Szeredi wrote:
From: Miklos Szeredi mszer...@suse.cz
Audit rules disappear when an inode they watch is evicted from the cache.
This is likely not what we want.
The guilty commit is fsnotify: allow marks to not pin inodes
What kernel version was this? Didn't we have this problem and solve it
upstream some time ago? IPC could be allocated with a valid security
context, the ipc would be freed. the isec was free'd syncronously, but
then the ipc could stick around until some rcu period or some usage flag
got to 0,
-foundation.org
Cc: Jan Kara j...@suse.cz
Cc: Al Viro v...@zeniv.linux.org.uk
Cc: Eric Paris epa...@redhat.com
Cc: John McCutchan j...@johnmccutchan.com
Cc: Robert Love rl...@rlove.org
Cc: Tim Chen tim.c.c...@linux.intel.com
Cc: Andi Kleen a...@linux.intel.com
Cc: linux-kernel@vger.kernel.org
---
b
On Fri, 2015-06-12 at 08:31 -0400, Stephen Smalley wrote:
On 06/12/2015 02:26 AM, Raghavendra K T wrote:
On 06/12/2015 03:01 AM, Waiman Long wrote:
The inode_free_security() function just took the superblock's
isec_lock
before checking and trying to remove the inode security struct
On Sat, 2015-06-13 at 10:35 +0300, Yury wrote:
On 13.06.2015 01:35, Waiman Long wrote:
On 06/12/2015 08:31 AM, Stephen Smalley wrote:
On 06/12/2015 02:26 AM, Raghavendra K T wrote:
On 06/12/2015 03:01 AM, Waiman Long wrote:
The inode_free_security() function just took the
I have to admit, I'm partial to not merging this (with the other
patches). Changing object lifetimes in what i seem to remember is long
standing code (auditfilter, not auditexe) seems to me like something we
really would want to be git bisectable, not mushed with an unrelated
feature addition.
On Mon, 2015-08-31 at 22:52 -0400, Paul Moore wrote:
> On Fri, Aug 28, 2015 at 10:03 PM, Luis R. Rodriguez
> wrote:
> > On Fri, Aug 28, 2015 at 06:26:05PM -0400, Paul Moore wrote:
> > > On Fri, Aug 28, 2015 at 7:20 AM, Roberts, William C
> > > wrote:
This is already going to be in the audit log, right? We're going to
send a CONFIG_CHANGE record with old_pid == the existing auditd. I bet
it gets delivered to the old auditd.
But why is this a printk(KERN_WARN) ?
On Mon, 2015-09-07 at 12:48 -0400, Richard Guy Briggs wrote:
> Nothing prevents a
Looks fine to me. And usually akpm picks them up these days.
On Wed, 2015-09-09 at 14:59 -0700, Dave Hansen wrote:
> On 06/30/2015 10:36 AM, Dave Hansen wrote:
> > From: Dave Hansen
> >
> > The comment here says that it is checking for invalid bits. But,
> > the
Acked-by: Eric Paris <epa...@redhat.com>
On Mon, 2015-09-21 at 11:45 -0700, Dave Hansen wrote:
> From: Dave Hansen <dave.han...@linux.intel.com>
>
> There was a report that my patch:
>
> inotify: actually check for invalid bits in
> sys_inotify_add_watch()
&g
ays reaches a SECCOMP_KILL or more likely
> > SECCOMP_RET_ERRNO in the rule set.
> >
> > The seccomp auditing was originally added by Eric with
> >
> > commit 85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31
> > Author: Eric Paris <epa...@redhat.com>
> > Dat
On Wed, 2016-05-11 at 14:54 +0200, Hector Marco-Gisbert wrote:
>
> El 21/04/16 a las 00:12, Kees Cook escribió:
> > On Tue, Apr 19, 2016 at 11:55 AM, Hector Marco-Gisbert > v.es> wrote:
> > > > On Wed, Apr 6, 2016 at 12:07 PM, Hector Marco-Gisbert > > > @upv.es> wrote:
> > > > >
All of the patches look good to me except most of those which change
the handling of `rc=`. I have a personal style preference for
rc = -ENOMEM;
val = kalloc();
if (!val)
goto err;
vs
val = kalloc();
if (!val) {
rc = -ENOMEM;
goto err;
}
because it saves 1 line and I think the compiler
On Tue, 2017-02-28 at 21:49 +, Joan Jani wrote:
> This patch fixes the following checkpath.pl warning
> WARNING: Block comments use a trailing */ on a separate line
>
> like
>
> kernel/audit.c:135: WARNING: Block comments use a trailing */ on a
> separate line
> kernel/audit.c:170: WARNING:
On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote:
> 32-bit socketcalls were not being logged by audit on x86_64 systems.
> Log them. This is basically a duplicate of the call from
> net/socket.c:sys_socketcall(), but it addresses the impedance
> mismatch
> between 32-bit userspace
On Fri, 2017-01-13 at 10:06 -0500, Richard Guy Briggs wrote:
> On 2017-01-13 09:42, Eric Paris wrote:
> > On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote:
> > > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > > index 9d4443f..43d8003 10064
On Sat, 2017-12-09 at 10:28 -0800, Casey Schaufler wrote:
> On 12/9/2017 2:20 AM, Micka�l Sala�n wrote:
> > What about automatically create
> > and assign an ID to a process when it enters a namespace different
> > than
> > one of its parent process? This delegates the (permission)
> >
I think if we went back and looked at history we'd see that all of the
code originally had none of the if(!ab) checks after allocation and
they just sorta slowly crept in over time. I prefer this pattern, but
it used to be the opposite everywhere.
On Wed, 2018-02-21 at 19:02 -0500, Paul Moore
Reading /proc/sys/kernel/cap-bound requires CAP_SYS_MODULE. (see
proc_dointvec_bset in kernel/sysctl.c)
sysctl appears to drive all over proc reading everything it can get it's
hands on and is complaining when it is being denied access to read
cap-bound. Clearly writing to cap-bound should be a
and the s_root in the superblock struct is still 0 (since it was
initialized that way). Later when SELinux actually tries to use the
super block s_root we panic since we are trying to deference a null
pointer.
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
fs/hfs/super.c |1 +
1 files c
On Thu, 2006-11-16 at 17:18 -0500, Eric Paris wrote:
> When an invalid hfs filesystem image is mounted it may cause a number of
> different oops. One filesystem image which triggers this problem can be
> found at:
>
Whoops, appears to be the same as the post from Eric Sandee
the
initialization would cause err to be ENOENT. But since err has since
been used above when we don't get a policy back from the xfrm_policy_by*
function we would always return 0 instead of the intended ENOENT. Also
fixed some white space damage in the same area.
Signed-off-by: Eric Paris <[EMAIL PROTEC
pfkey_spdget neither had an LSM security hook nor auditing for the
removal of xfrm_policy structs. The security hook was added when it was
moved into xfrm_policy_byid instead of the callers to that function by
my earlier patch and this patch adds the auditing hooks as well.
Signed-off-by: Eric
(and successes) will actually get audited.
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
net/key/af_key.c |5 ++---
net/xfrm/xfrm_user.c |5 ++---
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1c58204..d8fc88c 100644
--- a/net/key/af
On Mon, 2007-03-05 at 11:39 -0500, James Morris wrote:
> On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
>
> > >
> > > Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
> > Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
>
> What about your previous c
On Wed, 2007-03-07 at 16:07 -0800, David Miller wrote:
> From: David Miller <[EMAIL PROTECTED]>
> Date: Wed, 07 Mar 2007 15:43:16 -0800 (PST)
>
> > From: Eric Paris <[EMAIL PROTECTED]>
> > Date: Fri, 02 Mar 2007 13:51:24 -0500
> >
> > > pfkey_spdg
t
possible for us to move some of the other memory protect permissions out
of 'process' and into the new class next time we bump the policy version
number (which I also think is a good future idea)
-Eric
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
---
Documentation/sysctl/kernel.txt
On Tue, 2007-06-05 at 17:16 -0400, Alan Cox wrote:
> On Tue, Jun 05, 2007 at 05:00:51PM -0400, James Morris wrote:
> > This should be an unsigned long.
> >
> > I wonder if the default should be for this value to be zero (i.e. preserve
> > existing behavior). It could break binaries, albeit
ould break binaries, albeit potentially insecure
>
> Agreed - DOSemu type apps and lrmi need to map at zero for vm86
And so it shall be!
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
---
Documentation/sysctl/kernel.txt | 14 ++
include/linux/se
On Thu, 2007-06-28 at 01:27 -0700, Andrew Morton wrote:
> On Thu, 28 Jun 2007 00:12:21 -0700 Andrew Morton <[EMAIL PROTECTED]> wrote:
>
> > I can't start the X server any more, but that's probably unrelated ;)
> >
> > > me hopelessly outnumbered>
>
> And the winner of the
The new protection to keep users from writing to the first couple of
pages of virtual memory also is stopping mmap operations which are only
giving a hint address greater than 0 but less than mmap_min_addr. This
patch should take the address given to mmap and move it up to
mmap_min_addr thus
rmissions which are not present in the user's policy.
>
> Signed-off-by: James Morris <[EMAIL PROTECTED]>
Acked-by: Eric Paris <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Mor
no matter
what. So we should not both compiling in this rounding if it is just a
waste of time.
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
---
mm/mmap.c | 10 ++
mm/nommu.c | 10 ++
2 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/mm/mmap.c b/mm/mmap.c
that any process with this capability can harm the system a lot
more easily than writing some stuff on the zero page and then trying to
get the kernel to trip over itself. It also means that programs like X
on i686 which use vm86 emulation can work even with mmap_min_addr set.
Signed-off-by: Eric Paris
against this missed code path.
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
---
** Be very careful applying/rediffing this patch. Standard 3 lines of
context from git diff will misapply the first hunk to expand_upwards
instead of properly in expand_downwards. This patch was generated usin
On Sat, 2007-11-17 at 08:42 +1100, James Morris wrote:
> On Fri, 16 Nov 2007, Eric Paris wrote:
>
> > +#ifdef CONFIG_SECURITY
> > + /*
> > +* If a hint addr is less than mmap_min_addr change addr to be as
> > +* low as possible but st
On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
> On Fri, 16 Nov 2007, Eric Paris wrote:
>
> > On a kernel with CONFIG_SECURITY but without an LSM which implements
> > security_file_mmap it is impossible for an application to mmap addresses
> > lower than mmap
On Sat, 2007-11-17 at 08:58 +1100, James Morris wrote:
> On Fri, 16 Nov 2007, Eric Paris wrote:
>
> > On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
> > > On Fri, 16 Nov 2007, Eric Paris wrote:
> > >
> > > > On a kernel with CONFIG_SE
On Sat, 2007-11-17 at 09:12 +1100, James Morris wrote:
> On Fri, 16 Nov 2007, Eric Paris wrote:
>
> > When this protection was originally concieved it intentionally was
> > offing something even without an more 'full featured' LSM. That was the
> > whole reason I h
argument which
could
pretty easily oom.
a single argument larger than MAX_EXECVE_AUDIT_LEN is broken into multiple
records and have a format like a10[0] a10[1] a10[2] etc.
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
---
example audit log (about 50k long) for the
Break the auditing of a list of execve arguments into smaller records if
there
are a too many. The limit is currently around 7.5k of arguments as
userspace
has an 8k buffer limit and will drop messages which are longer.
Signed-off-by: Eric Paris <[EMAIL PROTEC
Remove the limitation on argv size. The audit system now logs arguments in
smaller chunks (currently about 8k due to userspace audit system buffer
sizes)
so this is no longer a requirement.
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: Peter Zijlstra <[EMAIL
[snip from fs/super.c:vfs_kern_mount() just for reference]
if (data) {
secdata = alloc_secdata();
if (!secdata)
goto out_mnt;
error = security_sb_copy_data(type, data, secdata);
if (error)
Patches 1 and 2 I applied for 3.10, but I'd really like to have someone who
knows PPC ack 3 and 4. Especially if there is a hope that it goes through my
tree...
Link to original messages for your ease of review...
http://marc.info/?l=linux-kernel=135768892320439=2
net/netlink.h includes linux/netlink.h but linux/netlink.h does not include
net/netlink.h
since the audit code uses the nlmsg_* functions provided in net/netlink.h it
seems we need this include.
since the audit code uses netlink_unicast provided in linux/netlink.h it seems
we need that
- Original Message -
>
> __audit_socketcall is an extern function.
> better to check its parameters by itself.
>
> also can return error code, when fail (find invalid parameters).
> also use macro instead of real hard code number
> also give related comments for it.
>
>
We only allow one filter key per rule. So we should never be able to get into
this situation. See audit_data_to_entry()
-Eric
- Original Message -
>
> in the 'fcount' looping,
> if 'new->fields[*].type" has 2 or more AUDIT_FILTERKEYs
> need judge new->filterkey whether has
- Original Message -
>
>
> in another function: audit_data_to_entry:
>
> a. has the same issue for case AUDIT_WATCH.
You are saying if there were 2 of them it will leak the old one? No. If you
have 2 AUDIT_WATCH entries the first one will set entry->rule->watch and the
second
- Original Message -
> b. has an new issue for AUDIT_DIR:
>after AUDIT_DIR succeed, it will set rule->tree.
>next, the other case fail, then will call audit_free_rule.
>but audit_free_rule will not free rule->tree.
Definitely a couple of leaks here...
I'm
- Original Message -
>
> also for function audit_list:
> when call audit_make_reply fails (will return NULL).
> we need free all its related variables instead of only kfree rull.
> (such as call autit_free_rule)
>
> please help check, thanks.
audit_free_rule() takes a
- Original Message -
>
> also for function audit_list_rules:
> when call audit_make_reply fails (will return NULL).
> we also need process data->buf, not only data itself.
>
> please help check, thanks.
struct audit_rule_data {
[...]
charbuf[0]; /* string
On Thu, 2013-06-20 at 11:02 +0800, Gao feng wrote:
> On 06/20/2013 04:51 AM, Eric Paris wrote:
> > On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote:
> >> On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
> >>> This patchset is first part
On Tue, 2013-11-05 at 14:36 -0800, Andy Lutomirski wrote:
> [cc: some ARM people]
>
> After a bit of an adventure, I got QEMU working. (Linux 3.12's smc91x
> driver and qemu 1.6 don't get along. It would be great if some
> kernel.org page described a standard way to boot a modern Linux image
>
201 - 300 of 532 matches
Mail list logo