| Summary: | auditctl fails to add rule with "Error sending add rule data request" as CONFIG_AUDITSYSCALL is not enabled in our kernel | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Florian Hubold <doktor5000> |
| Component: | RPM Packages | Assignee: | Kernel and Drivers maintainers <kernel> |
| Status: | RESOLVED WONTFIX | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | doktor5000 |
| Version: | 5 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
|
Description
Florian Hubold
2016-02-17 22:00:04 CET
@Thomas: Is there any particular reason why CONFIG_AUDITSYSCALL is disabled? CC:
(none) =>
doktor5000 IIRC it was disabled to fix CVE-2014-3917: https://bugs.mageia.org/show_bug.cgi?id=13487 https://fedorahosted.org/fesco/ticket/1311 http://seclists.org/oss-sec/2014/q2/377 Mass-reassigning all bugs with "kernel" in the summary that are still assigned to tmb (or wrongly assigned to someone with "tmb" in his e-mail address) to the kernel packagers group, but without adding "kernel" to the SRPM field. Please reassign if needed, or add kernel to the SRPM field if this is correct. Assignee:
tmb =>
kernel Closing this, see comment 2 and the linked bug 13487 > kernel/auditsc.c in the Linux kernel through 3.14.5, when > CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local > users to obtain potentially sensitive single-bit values from kernel memory > or cause a denial of service (OOPS) via a large value of a syscall number. > (CVE-2014-3917) > As CONFIG_SYSCALL also have other potential security issues, it has been > disabled in order to protect installed mageia systems. Status:
NEW =>
RESOLVED |