On 2 Oct 2018, at 18:15, Alan Somers <asom...@freebsd.org> wrote: >> 3. Remove a check of trail enablement/suspension from audit_new() -- >> at the point where this function has been entered, we believe that >> system-call auditing is already in force, or we wouldn't get here, >> so simply proceed to more expensive policy checks. > > Did you check the logic around audit_proc_coredump too? I think this change > will cause AUE_CORE events to be emitted even when auditing is disabled.
This should be caught by audit_commit(), although it probably would be slightly preferable for audit_proc_coredump() to have an explicit policy check earlier, avoiding a memory allocation (but not a big deal). Robert _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
