Bug 206427
Summary: | LTC26985-[LSPP Audit] auditctl fails to reject malformed ARCH filter | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Issue Tracker <tao> |
Component: | kernel | Assignee: | Eric Paris <eparis> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.0 | CC: | aviro, iboverma, sgrubb, tao |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 5.0.0 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-11-17 14:50:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Issue Tracker
2006-09-14 11:33:43 UTC
I sent an e-mail directly to the ibm reporter to ask this question (since I was apparently supposed to have all this fixed by last monday) but should follow process as well. By "invalid" do they mean the usage of > or < ? I assume they believe that only = or != should be allowed? If so this should be done in userspace in the auditctl utility in audit_rule_fieldpair_data() by returning -12 and explaining it in an error inside setopt. This should not be a kernel fix. only = and != are valid for arch field. This needs to be in the kernel since anyone could use an old audit tool or write their own. QE ack for RHEL5B2. Related to 14b of the release criteria. patch posted for revew on 9/29. in kernel-2.6.18-1.2718.el5 |