aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorPeter Zijlstra <a.p.zijlstra@chello.nl>2007-07-19 04:48:15 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-19 13:04:45 -0400
commitbdf4c48af20a3b0f01671799ace345e3d49576da (patch)
tree7c3b903d2de1cba6e212ad6f347bc8742b08035a /Documentation
parentb111757c50ee30dad162192df6168e270a90c252 (diff)
audit: rework execve audit
The purpose of audit_bprm() is to log the argv array to a userspace daemon at the end of the execve system call. Since user-space hasn't had time to run, this array is still in pristine state on the process' stack; so no need to copy it, we can just grab it from there. In order to minimize the damage to audit_log_*() copy each string into a temporary kernel buffer first. Currently the audit code requires that the full argument vector fits in a single packet. So currently it does clip the argv size to a (sysctl) limit, but only when execve auditing is enabled. If the audit protocol gets extended to allow for multiple packets this check can be removed. Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Ollie Wild <aaw@google.com> Cc: <linux-audit@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/filesystems/proc.txt7
1 files changed, 7 insertions, 0 deletions
diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
index ebffdffb3d99..72e247ef6fa2 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
@@ -1065,6 +1065,13 @@ check the amount of free space (value is in seconds). Default settings are: 4,
1065resume it if we have a value of 3 or more percent; consider information about 1065resume it if we have a value of 3 or more percent; consider information about
1066the amount of free space valid for 30 seconds 1066the amount of free space valid for 30 seconds
1067 1067
1068audit_argv_kb
1069-------------
1070
1071The file contains a single value denoting the limit on the argv array size
1072for execve (in KiB). This limit is only applied when system call auditing for
1073execve is enabled, otherwise the value is ignored.
1074
1068ctrl-alt-del 1075ctrl-alt-del
1069------------ 1076------------
1070 1077