229732 – LSPP: pfkey_delete and xfrm_del_sa audit hook is misplaced.

Bug 229732 - LSPP: pfkey_delete and xfrm_del_sa audit hook is misplaced.

Summary: LSPP: pfkey_delete and xfrm_del_sa audit hook is misplaced.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	5.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Eric Paris
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	RHEL5LSPPCertTracker
TreeView+	depends on / blocked

Reported:	2007-02-23 00:05 UTC by Eric Paris
Modified:	2007-11-30 22:07 UTC (History)
CC List:	3 users (show)
Fixed In Version:	RHBA-2007-0959
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-11-07 19:41:28 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2007:0959	0	normal	SHIPPED_LIVE	Updated kernel packages for Red Hat Enterprise Linux 5 Update 1	2007-11-08 00:47:37 UTC

Description Eric Paris 2007-02-23 00:05:59 UTC

The audit hook in pfkey_delete will not notice nor audit any SA deletions denied
by security policy.

Comment 1 Eric Paris 2007-02-23 00:12:58 UTC

xfrm_del_sa is the same way.   broken in RHEL5 and upstream

Comment 4 Eric Paris 2007-03-06 21:38:53 UTC

needs verification from joy lattern.  also needs acceptance into an upstream tree:

http://marc.theaimsgroup.com/?l=linux-kernel&m=117286663919504&w=2

Comment 5 Eric Paris 2007-03-23 17:48:06 UTC

in at least 2.6.21-rc4 verified by joy latten of ibm.  ready for internal
submission removing from LSPP tracker list.

Comment 8 Don Zickus 2007-06-16 00:31:24 UTC

in 2.6.18-27.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Comment 10 Mike Gahagan 2007-09-12 21:46:39 UTC

confirmed fix is in the -46 kernel.

Comment 12 errata-xmlrpc 2007-11-07 19:41:28 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0959.html

Note You need to log in before you can comment on or make changes to this bug.