The patch titled
audit: sockaddr patch
has been added to the -mm tree. Its filename is
audit-sockaddr-patch.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
From: Steve Grubb <sgrubb@xxxxxxxxxx>
On Thursday 23 March 2006 09:08, John D. Ramsdell wrote:
> I noticed that a socketcall(bind) and socketcall(connect) event contain a
> record of type=SOCKADDR, but I cannot see one for a system call event
> associated with socketcall(accept). Recording the sockaddr of an accepted
> socket is important for cross platform information flow analys
Thanks for pointing this out. The following patch should address this.
Signed-off-by: Steve Grubb <sgrubb@xxxxxxxxxx>
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
net/socket.c | 2 ++
1 files changed, 2 insertions(+)
diff -puN net/socket.c~audit-sockaddr-patch net/socket.c
--- devel/net/socket.c~audit-sockaddr-patch 2006-04-17 21:40:27.000000000 -0700
+++ devel-akpm/net/socket.c 2006-04-17 21:40:27.000000000 -0700
@@ -267,6 +267,8 @@ int move_addr_to_user(void *kaddr, int k
return -EINVAL;
if(len)
{
+ if (audit_sockaddr(klen, kaddr))
+ return -ENOMEM;
if(copy_to_user(uaddr,kaddr,len))
return -EFAULT;
}
_
Patches currently in -mm which might be from sgrubb@xxxxxxxxxx are
audit-sockaddr-patch.patch
audit-audit-inode-patch.patch
audit-change-lspp-ipc-auditing.patch
audit-reworked-patch-for-labels-on-user-space-messages.patch
audit-more-user-space-subject-labels.patch
audit-rework-of-ipc-auditing.patch
audit-audit-filter-performance.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
