[PATCH] x86: audit syscalls based on type of syscall not type of binary

From: Michael Davidson
Date: Thu Aug 07 2008 - 14:15:05 EST

Next message: jmerkey: "Re: [ANNOUNCE] Merkey's Kernel Debugger"
Previous message: jmerkey: "Re: [ANNOUNCE] mdb-2.6.27-rc2-ia32-08-07-08.patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fix syscall auditing to audit based on the actual type of system
call that was made, not the type of binary that made it.

Signed-off-by: Michael Davidson <md@xxxxxxxxxx>

---

Index: linux-2.6.26.2/arch/x86/kernel/ptrace.c
===================================================================
--- linux-2.6.26.2.orig/arch/x86/kernel/ptrace.c 2008-08-06 09:19:01.000000000 -0700
+++ linux-2.6.26.2/arch/x86/kernel/ptrace.c 2008-08-07 11:01:25.976235000 -0700
@@ -1491,7 +1491,7 @@
syscall_trace(regs);

if (unlikely(current->audit_context)) {
- if (test_thread_flag(TIF_IA32)) {
+ if (current_thread_info()->status & TS_COMPAT) {
audit_syscall_entry(AUDIT_ARCH_I386,
regs->orig_ax,
regs->bx, regs->cx,
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: jmerkey: "Re: [ANNOUNCE] Merkey's Kernel Debugger"
Previous message: jmerkey: "Re: [ANNOUNCE] mdb-2.6.27-rc2-ia32-08-07-08.patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]