130180 – Audit option to disable auditing of 32b processes on ia64 platforms

Bug 130180 - Audit option to disable auditing of 32b processes on ia64 platforms

Summary: Audit option to disable auditing of 32b processes on ia64 platforms

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	3.0
Hardware:	ia64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Peter Martuccelli
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-08-17 19:03 UTC by Peter Martuccelli
Modified:	2007-11-30 22:07 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-12-20 20:55:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2004:550	0	normal	SHIPPED_LIVE	Updated kernel packages available for Red Hat Enterprise Linux 3 Update 4	2004-12-20 05:00:00 UTC

Description Peter Martuccelli 2004-08-17 19:03:34 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.2)
Gecko/20040301

Description of problem:
Disable auditing of 32b processes through the proc/sys/dev/audit
interface.  

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Need to add interface to disable 32b audit support on ia64
2.
3.
    

Additional info:

Comment 1 Klaus Weidner 2004-08-18 14:31:08 UTC

A clarification - the requirement for the evaluation is that there
needs to be an interface to disable *execution* of 32bit binaries on
ia64 in the evaluated configuration. This is intended to be a runtime
switch in /proc/sys/dev/audit/ with 32bit execution being enabled by
default.

The reason for this change is that the audit code on the ia64 platform
has several known issues which prevent correct auditing of system
calls made by 32bit binaries. Having a system call interface available
which would let users bypass the audit subsystem would be unacceptable
for the evaluation.

Patches to fix most of the known issues are available, but the
resources to properly verify the correctness of the audit records to
EAL3 requirements are not, so the 32bit mode must be disabled for the
evaluated configuration for processes that would need to be audited. 

Note that the sysadmin can configure unaudited processes (i.e. a
database running as a daemon service) that can then still run in 32bit
mode in the evaluated configuration. Also, the evaluated configuration
only needs the *capability* to provide reliable audit, but the admin
is permitted to disable audit completely while remaining in an
evaluated configuration.

Comment 2 Ernie Petrides 2004-09-15 00:09:45 UTC

A fix for this problem has just been committed to the RHEL3 U4
patch pool this evening (in kernel version 2.4.21-20.6.EL).

Comment 3 John Flanagan 2004-12-20 20:55:55 UTC

An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-550.html

Note You need to log in before you can comment on or make changes to this bug.