GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-06-22 14:41:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[PATCH] audit signal recipients

Browse source 
When auditing syscalls that send signals, log the pid and security
context for each target process. Optimize the data collection by
adding a counter for signal-related rules, and avoiding allocating an
aux struct unless we have more than one target process. For process
groups, collect pid/context data in blocks of 16. Move the
audit_signal_info() hook up in check_kill_permission() so we audit
attempts where permission is denied.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Amy Griffis 2007-03-29 18:01:04 -04:00 committed by Al Viro
parent 7f13da40e3
commit e54dc2431d
11 changed files with 206 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

10
kernel/signal.c
View file

@ -497,6 +497,11 @@ static int check_kill_permission(int sig, struct siginfo *info,
int error = -EINVAL;
if (!valid_signal(sig))
return error;
error = audit_signal_info(sig, t); /* Let audit system see the signal */
if (error)
return error;
error = -EPERM;
if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info)))
&& ((sig != SIGCONT) ||
@ -506,10 +511,7 @@ static int check_kill_permission(int sig, struct siginfo *info,
&& !capable(CAP_KILL))
return error;
error = security_task_kill(t, info, sig, 0);
if (!error)
audit_signal_info(sig, t); /* Let audit system see the signal */
return error;
return security_task_kill(t, info, sig, 0);
}
/* forward decl */