On 6/6/2011 5:59 PM, Steve Grubb wrote:
On Monday, June 06, 2011 07:22:43 PM Pablo Neira Ayuso wrote:
> On 06/06/11 15:10, Mr Dash Four wrote:
>>> Exactly my point. There is no leak if its text or numeric.
>> No, there is no leak if it is a text, but there *is* a leak if it is a
>> numeric. I think I've made that quite clear.
> We don't use numeric secmark anymore in nf_conntrack. Not very familiar
> with SELinux, but I remember that the convention was not to provide
> internal numeric values.
All of the audit system records the numbers if conversion fails.
Consistency is important
We want it as
forensic evidence or troubleshooting information as the case may be.
It's completely pointless to have in the audit record. The code
ought to treat an untranslatable secmark with the same severity
as an invalid pointer. You could argue that it is oopsable. Certainly
worthy of a BUG invocation. Printing the numeric is sloppy error
handling.
-Steve
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit