On Tue, 2009-04-07 at 11:34 -0400, Paul Moore wrote:
Does anyone have any thoughts?
I remember debugging an issue with the incorrect return value being
audited for a syscall. It was s390[x] specific and only occurred with
successful execve() syscalls. This behavior was pointed out with the
open-source common-criteria testsuite that checked each
security-relevant syscalls for parameters, return values, args etc..
I didn't give much important to those since execve() return value is
really not that important if the call succeeds ;-)
But now I'm curious to what other problems related to syscalls return
values you've found, and how those weren't caught by the same set of
tests (hmm, maybe they are x86-specific?)
Can you give us some examples?
Thanks,
-Klaus
--
Klaus Heinrich Kiwi <klausk(a)linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center