Re: [RFC][PATCH] (#6) filesystem auditing
On Tuesday 15 March 2005 12:29 pm, Timothy R. Chavez wrote:
On Tuesday 15 March 2005 12:11 pm, Stephen Smalley wrote:
> On Tue, 2005-03-15 at 11:51 -0600, Timothy R. Chavez wrote:
<snip>
I have a feeling that someone how the memset(&watch, 0,
sizeof(watch)) that was once in reset_vars() (in auditctl.c) has escaped
some how and your passing in a perm equal to some rediculous value (bigger
then 15) because it was not intialized to 0. Perhaps?
-tim
Oops, I was looking at an unpatched auditctl.c (doh!) so I don't think this is
the problem necessarily, but if you could please verify that you do make it
past audit_netlink_ok(), into audit_watch_insert(), and then print out the
values, that'd help. I'm trying to think of where you'd get invalids. And
you're right, its likely that at least the payload is malformed in some way.
-tim