svn commit: r339085 - head/sys/security/audit
Robert N. M. Watson
rwatson at FreeBSD.org
Thu Oct 4 07:56:39 UTC 2018
On 2 Oct 2018, at 18:15, Alan Somers <asomers at freebsd.org> wrote:
>> 3. Remove a check of trail enablement/suspension from audit_new() --
>> at the point where this function has been entered, we believe that
>> system-call auditing is already in force, or we wouldn't get here,
>> so simply proceed to more expensive policy checks.
>
> Did you check the logic around audit_proc_coredump too? I think this change will cause AUE_CORE events to be emitted even when auditing is disabled.
This should be caught by audit_commit(), although it probably would be slightly preferable for audit_proc_coredump() to have an explicit policy check earlier, avoiding a memory allocation (but not a big deal).
Robert
More information about the svn-src-all
mailing list