2008-08-07 18:15:01

by Michael Davidson

[permalink] [raw]
Subject: [PATCH] x86: audit syscalls based on type of syscall not type of binary


Fix syscall auditing to audit based on the actual type of system
call that was made, not the type of binary that made it.

Signed-off-by: Michael Davidson <[email protected]>

---

Index: linux-2.6.26.2/arch/x86/kernel/ptrace.c
===================================================================
--- linux-2.6.26.2.orig/arch/x86/kernel/ptrace.c 2008-08-06 09:19:01.000000000 -0700
+++ linux-2.6.26.2/arch/x86/kernel/ptrace.c 2008-08-07 11:01:25.976235000 -0700
@@ -1491,7 +1491,7 @@
syscall_trace(regs);

if (unlikely(current->audit_context)) {
- if (test_thread_flag(TIF_IA32)) {
+ if (current_thread_info()->status & TS_COMPAT) {
audit_syscall_entry(AUDIT_ARCH_I386,
regs->orig_ax,
regs->bx, regs->cx,