On 6/6/2011 5:59 PM, Steve Grubb wrote: > On Monday, June 06, 2011 07:22:43 PM Pablo Neira Ayuso wrote: >> On 06/06/11 15:10, Mr Dash Four wrote: >>>> Exactly my point. There is no leak if its text or numeric. >>> No, there is no leak if it is a text, but there *is* a leak if it is a >>> numeric. I think I've made that quite clear. >> We don't use numeric secmark anymore in nf_conntrack. Not very familiar >> with SELinux, but I remember that the convention was not to provide >> internal numeric values. > All of the audit system records the numbers if conversion fails. Consistency is important > We want it as > forensic evidence or troubleshooting information as the case may be. It's completely pointless to have in the audit record. The code ought to treat an untranslatable secmark with the same severity as an invalid pointer. You could argue that it is oopsable. Certainly worthy of a BUG invocation. Printing the numeric is sloppy error handling. > -Steve > > -- > Linux-audit mailing list > Linux-audit@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/linux-audit > -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
