Bug 130180 - Audit option to disable auditing of 32b processes on ia64 platforms
Audit option to disable auditing of 32b processes on ia64 platforms
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
3.0
ia64 Linux
medium Severity medium
: ---
: ---
Assigned To: Peter Martuccelli
Brian Brock
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-17 15:03 EDT by Peter Martuccelli
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-12-20 15:55:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Martuccelli 2004-08-17 15:03:34 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.2)
Gecko/20040301

Description of problem:
Disable auditing of 32b processes through the proc/sys/dev/audit
interface.  

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Need to add interface to disable 32b audit support on ia64
2.
3.
    

Additional info:
Comment 1 Klaus Weidner 2004-08-18 10:31:08 EDT
A clarification - the requirement for the evaluation is that there
needs to be an interface to disable *execution* of 32bit binaries on
ia64 in the evaluated configuration. This is intended to be a runtime
switch in /proc/sys/dev/audit/ with 32bit execution being enabled by
default.

The reason for this change is that the audit code on the ia64 platform
has several known issues which prevent correct auditing of system
calls made by 32bit binaries. Having a system call interface available
which would let users bypass the audit subsystem would be unacceptable
for the evaluation.

Patches to fix most of the known issues are available, but the
resources to properly verify the correctness of the audit records to
EAL3 requirements are not, so the 32bit mode must be disabled for the
evaluated configuration for processes that would need to be audited. 

Note that the sysadmin can configure unaudited processes (i.e. a
database running as a daemon service) that can then still run in 32bit
mode in the evaluated configuration. Also, the evaluated configuration
only needs the *capability* to provide reliable audit, but the admin
is permitted to disable audit completely while remaining in an
evaluated configuration.
Comment 2 Ernie Petrides 2004-09-14 20:09:45 EDT
A fix for this problem has just been committed to the RHEL3 U4
patch pool this evening (in kernel version 2.4.21-20.6.EL).
Comment 3 John Flanagan 2004-12-20 15:55:55 EST
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-550.html

Note You need to log in before you can comment on or make changes to this bug.