Yes, that has to have been a typo... The patch certainly looks correct.
(will test later today)
thanks,
-serge
On Thu, 2005-01-06 at 13:27 -0500, Stephen Smalley wrote:
Hi,
I might be mis-reading the code, but it appears that the current
audit_alloc() code is not preserving the loginuid of the parent process
for the child process upon a fork or clone. Instead, it is checking to
see if the just-created child has an existing audit context and if so,
copies the loginuid from it, which seems nonsensical, especially as it
does nothing to free any existing audit context if one exists already.
Does this patch look correct? In this context, tsk == the child, and
current == the parent. The child has not yet started execution at this
point; it is still being set up by the fork/clone code.
--- linux-2.6.10/kernel/auditsc.c.orig 2005-01-06 13:11:51.000000000 -0500
+++ linux-2.6.10/kernel/auditsc.c 2005-01-06 13:14:28.000000000 -0500
@@ -549,8 +549,8 @@ int audit_alloc(struct task_struct *tsk)
/* Preserve login uid */
context->loginuid = -1;
- if (tsk->audit_context)
- context->loginuid = tsk->audit_context->loginuid;
+ if (current->audit_context)
+ context->loginuid = current->audit_context->loginuid;
tsk->audit_context = context;
set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
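Review bot: The "/* Preserve login uid */" comment above the changed test does not say whose loginuid is preserved, and the fix depends entirely on tsk being the child and current being the parent. Extend the comment to say the value is inherited from the parent (current) while tsk is still being set up. Separately, the unchanged "tsk->audit_context = context;" after the new lines overwrites whatever pointer tsk held without checking or freeing it. If that pointer can be non-NULL at this point, either handle it or add a comment saying why it is safe to drop.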
--
Serge Hallyn <serue(a)us.ibm.com>