Re: [PATCH] Audit: netlink socket can be auto-bound to pid other than current->pid

From: Eric Paris
Date: Wed Mar 19 2008 - 19:35:02 EST

Next message: serge: "Re: [PATCH] signals: check_kill_permission: check session undertasklist_lock"
Previous message: Kiyoshi Ueda: "[RFC PATCH 00/13] request stacking and request-based dm-multipath"
In reply to: Eric Paris: "Re: [PATCH] Audit: netlink socket can be auto-bound to pid other than current->pid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/18/08, Eric Paris <eparis@xxxxxxxxxxxxxx> wrote:
> On 3/18/08, Pavel Emelyanov <xemul@xxxxxxxxxx> wrote:

> > @@ -626,6 +628,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> > sid, 1);
> >
> > audit_pid = new_pid;
> > + audit_nlk_pid = NETLINK_CB(skb).pid;
> > }
> > if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
> > err = audit_set_rate_limit(status_get->rate_limit,

Shouldn't the above be:

if (audit_pid)
audit_nlk_pid = NETLINK_CB(skb).pid;
else
audit_nlk_pid = 0;

otherwise I don't see how you can cleanly stop the userspace auditd.....
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: serge: "Re: [PATCH] signals: check_kill_permission: check session undertasklist_lock"
Previous message: Kiyoshi Ueda: "[RFC PATCH 00/13] request stacking and request-based dm-multipath"
In reply to: Eric Paris: "Re: [PATCH] Audit: netlink socket can be auto-bound to pid other than current->pid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]