[PATCH] Abnormal End of Processes
Hi,
I have been working on some code that detects abnormal events based on audit
system events. One kind of event that we currently have no visibility for is
when a program terminates due to segfault - which should never happen on a
production machine. And if it did, you'd want to investigate it. Attached is a
patch that collects these events and sends them into the audit system.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/fs/exec.c b/fs/exec.c
index 1ba85c7..7cf078e 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1488,6 +1488,8 @@
int flag = 0;
int ispipe = 0;
+ audit_core_dumps(signr);
+
binfmt = current->binfmt;
if (!binfmt || !binfmt->core_dump)
goto fail;