linux-audit / audit-kernel

GitHub mirror of the Linux Kernel's audit repository
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git

BUG: accompanying records missing for required records when no rules present #120

Closed rgbriggs closed 3 years ago

rgbriggs commented 4 years ago

When there are no audit rules registered, mandatory records (config, etc.) are missing their accompanying records (syscall, proctitle, etc.).

This is due to the audit context being marked dummy on syscall entry, based on the absence of rules, which signals that no other records are to be printed.
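An added defender-side check, not code from this issue or the kernel tree: it parses audit records (a constructed sample is embedded), groups them by event serial, and reports mandatory records that arrived without a SYSCALL or PROCTITLE companion, which is the symptom described above. The set of record types treated as mandatory is an assumption here and should be extended to match local policy.

```python
import re
from collections import defaultdict

# Assumption: record types emitted regardless of loaded rules, which the
# issue says should always carry accompanying records. CONFIG_CHANGE is
# the example the report gives; extend this set as needed.
MANDATORY = {"CONFIG_CHANGE"}
# Any one of these present in the same event counts as "accompanied".
COMPANIONS = {"SYSCALL", "PROCTITLE"}

# Audit record header: type=<TYPE> msg=audit(<timestamp>:<serial>):
_HDR = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):")


def parse_record(line):
    """Return (record_type, serial) for one audit record, or None if it does not parse."""
    m = _HDR.match(line.strip())
    if not m:
        return None
    return m.group("type"), int(m.group("serial"))


def find_orphaned_events(lines):
    """Group records by serial; return serials (sorted) whose mandatory
    record has no SYSCALL/PROCTITLE companion in the same event."""
    by_serial = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec:
            rec_type, serial = rec
            by_serial[serial].add(rec_type)
    return sorted(serial for serial, types in by_serial.items()
                  if types & MANDATORY and not types & COMPANIONS)


# Constructed sample: event 100 is complete, event 101 shows the bug
# (CONFIG_CHANGE with nothing accompanying it).
SAMPLE = """\
type=CONFIG_CHANGE msg=audit(1583856000.100:100): auid=1000 ses=2 op=add_rule key=(null) list=4 res=1
type=SYSCALL msg=audit(1583856000.100:100): arch=c000003e syscall=44 success=yes exit=1056
type=PROCTITLE msg=audit(1583856000.100:100): proctitle=617564697463746C002D6C
type=CONFIG_CHANGE msg=audit(1583856000.200:101): auid=1000 ses=2 op=remove_rule key=(null) list=4 res=1
"""

if __name__ == "__main__":
    for serial in find_orphaned_events(SAMPLE.splitlines()):
        print(f"event {serial}: mandatory record without SYSCALL/PROCTITLE")
```

Feed it `ausearch --raw` output (or a raw audit.log) to check whether a running kernel still shows the symptom.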

rgbriggs commented 4 years ago

Post v1.0 https://www.redhat.com/archives/linux-audit/2020-February/msg00061.html https://lkml.org/lkml/2020/2/18/1087

rgbriggs commented 4 years ago

post v2: https://www.redhat.com/archives/linux-audit/2020-March/msg00026.html https://lkml.org/lkml/2020/3/10/970

rgbriggs commented 4 years ago

Upstreamed 2020-03-12 for 5.6-rc1 1320a4052ea1

rgbriggs commented 4 years ago

NULL pointer dereference reported by bauen1:

Reproducer:

Mitigated by: ghak96 commit d7481b24b816 ("audit: issue CWD record to accompany LSM_AUDITDATA* records")

Code audit still needed to check all other records generated from audit_log_exit().

rgbriggs commented 4 years ago

Post v3fix: https://www.redhat.com/archives/linux-audit/2020-July/msg00132.html https://lkml.org/lkml/2020/7/27/1692

rgbriggs commented 4 years ago

v2 reverted from audit/stable-5.8 and audit-pr-20200729
https://www.redhat.com/archives/linux-audit/2020-July/msg00144.html
8ac68dc455d9 revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present")
https://www.redhat.com/archives/linux-audit/2020-July/msg00170.html

rgbriggs commented 3 years ago

post v4: https://www.redhat.com/archives/linux-audit/2020-September/msg00041.html
https://patchwork.kernel.org/patch/11768033

rgbriggs commented 3 years ago

post v5: https://www.redhat.com/archives/linux-audit/2020-September/msg00052.html
https://lkml.org/lkml/2020/9/22/481 https://patchwork.kernel.org/patch/11792463/

rgbriggs commented 3 years ago

v5.7-rc1 1320a4052ea1 audit: trigger accompanying records when no rules present
v5.9-rc1 d7481b24b816 audit: issue CWD record to accompany LSM_AUDITDATA* records
v5.8 8ac68dc455d9 revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present")
audit/next 6d915476e67d audit: trigger accompanying records when no rules present

rgbriggs commented 3 years ago

On 2020-12-16 18:28, Paul Moore wrote:

Reopened #120.

I was going to say... It isn't in Linus' tree yet, which is why I didn't ask to have it closed yet. :-)

pcmoore commented 3 years ago

Yes, I was on a bit of a roll closing out issues and this was a case of my finger clicking on the "Close" button while my mind was still reading the last update :)

rgbriggs commented 3 years ago

In v5.11-rc1 2020-12-27, in v5.11 2021-02-14