Bug 223864
Summary: | LSPP: Exceptions to expected audit behavior should be documented | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Kylene J Hall <kylene> |
Component: | audit | Assignee: | Steve Grubb <sgrubb> |
Status: | CLOSED WONTFIX | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.0 | CC: | iboverma, linda.knippers, sgrubb |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-03-05 22:36:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 224041, 227613 |
Description
Kylene J Hall
2007-01-22 20:05:07 UTC
per 2/12, Steve G. is evaluating alternatives. Let me know what you'd like me to do with this one. Several syscalls when run in 32 bit mode on s390x are ORing 0x4900000000 (notice that is too big for a 32 bit field) with the 4th audited argument. Again, I think this is could be happening at the glibc level because when I strace the test the value has already been ORed. However, I see the same result when I change the test to call with syscall(__NR_###. The syscalls I have observed this with include: fchownat, fgetxattr, fsetxattr, getxattr, lgetxattr, lsetxattr, mknodat, mmap, mq_timedsendreceive, mremap, openat, ptrace, renameat, setxattr, linkat. This will be fixed by updating documentation in the configuration guide. Closing. |