Re: [PATCH 1/5] Add general crypto auditing infrastructure

On Tue, 2010-11-23 at 13:25 -0500, Miloslav Trmac wrote:
> ----- "Eric Paris" <eparis@xxxxxxxxxx> wrote:
> > On Tue, 2010-11-23 at 13:50 +0100, Miloslav Trmač wrote:
> > > Collect audited crypto operations in a list, because a single _exit()
> > > can cause several AF_ALG sockets to be closed, and each needs to be
> > > audited.
> > > 
> > > Add the AUDIT_CRYPTO_OP field so that crypto operations are not audited
> > > by default, but auditing can be enabled using a rule (probably
> > > "-F crypto_op!=0").
> > 
> > Just an implementation question, why a new list instead of finding a way
> > to reuse struct audit_aux_data?
> This remained in the code from an earlier version where the relative
> order of crypto records was meaningful.  In the current version the
> only difference is that an AUDIT_CRYPTO_OP filter has to traverse
> fewer entries.

It probably won't actually have to traverse extra entries.  We shouldn't
(at least that I can think of) ever have a single syscall which is going
to have crypto, execve, signal, fcaps, etc. records simultaneously.  In
any case, if you send another round, I'd suggest reuse or aux.

-Eric
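The pattern the thread is discussing, as an added user-space illustration that is not kernel code and not part of the patch series: one audit context per syscall accumulates a list of crypto-operation records (rather than a single slot that would be overwritten), and at syscall exit a toy "crypto_op != 0" rule decides whether the whole list is emitted. The names `crypto_record`, `audit_ctx_new`, `audit_log_crypto_op`, `audit_syscall_exit`, the `enum crypto_op` values, the syscall number 231 and the algorithm strings are all hypothetical or constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy user-space model (not kernel code) of the pattern in the thread: one
 * audit context per syscall collects a *list* of crypto records, because one
 * _exit() can release several AF_ALG sockets and each must be reported.
 * All names and numbers here are hypothetical. */

enum crypto_op {
    CRYPTO_OP_NONE = 0,       /* "-F crypto_op!=0" does not match this */
    CRYPTO_OP_ENCRYPT = 1,
    CRYPTO_OP_DECRYPT = 2,
    CRYPTO_OP_HASH = 3,
};

struct crypto_record {
    enum crypto_op op;
    char alg[32];             /* constructed algorithm name, e.g. "cbc(aes)" */
    struct crypto_record *next;
};

struct audit_context {
    int syscall_nr;           /* hypothetical syscall number */
    enum crypto_op crypto_op; /* field the filter rule tests */
    struct crypto_record *head, *tail;
    size_t nrecords;
};

struct audit_context *audit_ctx_new(int syscall_nr)
{
    struct audit_context *ctx = calloc(1, sizeof(*ctx));
    if (ctx)
        ctx->syscall_nr = syscall_nr;
    return ctx;
}

/* Called once per audited crypto operation inside the syscall: append a
 * record rather than overwriting a single per-context slot. Returns 0/-1. */
int audit_log_crypto_op(struct audit_context *ctx, enum crypto_op op, const char *alg)
{
    struct crypto_record *rec;

    if (!ctx || op == CRYPTO_OP_NONE)
        return -1;
    rec = calloc(1, sizeof(*rec));
    if (!rec)
        return -1;
    rec->op = op;
    snprintf(rec->alg, sizeof(rec->alg), "%s", alg ? alg : "?");
    if (ctx->tail)
        ctx->tail->next = rec;
    else
        ctx->head = rec;
    ctx->tail = rec;
    ctx->nrecords++;
    ctx->crypto_op = op;      /* non-zero, so a crypto_op!=0 rule matches */
    return 0;
}

/* Syscall-exit path: apply the toy rule (crypto_op != 0 when rule_enabled),
 * emit every collected record, then free the list. Returns the number of
 * records emitted; pass out == NULL to count without printing. */
size_t audit_syscall_exit(struct audit_context *ctx, int rule_enabled, FILE *out)
{
    size_t emitted = 0;
    struct crypto_record *rec, *next;
    int match;

    if (!ctx)
        return 0;
    match = rule_enabled && ctx->crypto_op != CRYPTO_OP_NONE;
    for (rec = ctx->head; rec; rec = next) {
        next = rec->next;
        if (match) {
            if (out)
                fprintf(out, "type=CRYPTO_OP syscall=%d op=%d alg=%s\n",
                        ctx->syscall_nr, (int)rec->op, rec->alg);
            emitted++;
        }
        free(rec);
    }
    ctx->head = ctx->tail = NULL;
    ctx->nrecords = 0;
    ctx->crypto_op = CRYPTO_OP_NONE;
    return emitted;
}

int main(void)
{
    /* Constructed scenario: a process holding three AF_ALG sockets calls
     * _exit() (hypothetical syscall 231); each socket release logs one op. */
    struct audit_context *ctx = audit_ctx_new(231);
    audit_log_crypto_op(ctx, CRYPTO_OP_ENCRYPT, "cbc(aes)");
    audit_log_crypto_op(ctx, CRYPTO_OP_HASH, "sha256");
    audit_log_crypto_op(ctx, CRYPTO_OP_DECRYPT, "ctr(aes)");
    printf("emitted %zu records\n", audit_syscall_exit(ctx, 1, stdout));
    free(ctx);
    return 0;
}
```

The list is what makes the three records survive to syscall exit; with a single slot only the last socket release would be reported. Whether that list lives in its own field or is folded into the generic aux-data chain, as Eric suggests, does not change this behaviour, only how many entries a filter has to walk.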
