Re: [PATCH v2 2/2] audit: Mark CONFIG_AUDITSYSCALL BROKEN and update help text
NAK
On Wed, 2014-05-28 at 18:44 -0700, Andy Lutomirski wrote:
Here are some issues with the code:
- It thinks that syscalls have four arguments.
Not true at all. It records the registers that would hold the first 4
entries on syscall entry, for use later if needed, as getting those
later on some arches is not feasible (see ia64). It makes no assumption
about how many syscalls a function has.
- It's a performance disaster.
Only if you enable it. If you don't use audit it is a single branch.
Hardly a disaster.
- It assumes that syscall numbers are between 0 and 2048.
There could well be a bug here. Not questioning that. Although that
would be patch 1/2
- It's unclear whether it's supposed to be reliable.
Unclear to whom?
- It's broken on things like x32.
- It can't support ARM OABI.
Some arches aren't supported? And that makes it BROKEN?
- Its approach to freeing memory is terrifying.
What?
None of your reasons hold water. Bugs need to be fixed. Try reporting
them... This is just stupid.
Signed-off-by: Andy Lutomirski <luto(a)amacapital.net>
---
init/Kconfig | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index 9d3585b..24d4b53 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -296,13 +296,16 @@ config HAVE_ARCH_AUDITSYSCALL
bool
config AUDITSYSCALL
- bool "Enable system-call auditing support"
- depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
+ bool "Enable system-call auditing support (not recommended)"
+ depends on AUDIT && HAVE_ARCH_AUDITSYSCALL && BROKEN
default y if SECURITY_SELINUX
help
- Enable low-overhead system-call auditing infrastructure that
- can be used independently or with another kernel subsystem,
- such as SELinux.
+ Enable system-call auditing infrastructure that can be used
+ independently or with another kernel subsystem, such as
+ SELinux.
+
+ AUDITSYSCALL has serious performance and correctness issues.
+ Use it with extreme caution.
config AUDIT_WATCH
def_bool y