https://bugzilla.novell.com/show_bug.cgi?id=259676 Summary: auditd goes compute bound and locks up when sent SIGUSR1 Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: crispin@novell.com QAContact: qa@suse.de The man page for auditd says that if you send it SIGUSR1, it will immediately rotate the audit logs. This is very useful functionality, and I used it in the AppArmor demo re-initialization script. It works properly on GA editions of SLES10 and SLED10. However, on openSUSE 10.2 sending SIGUSR1 to auditd causes it to become compute bound, and cease generating audit records. This is easily reproducable: just send SIGUSR1 to the auditd process, and it immediately locks up. Recovery is easy: run "/etc/init.d/auditd restart". The restart takes a little longer than usual, but does succeed. Not really a security vulnerability, because it seems you need to be root to send SIGUSR1 and have it do anything. Sending from non-root had no noticeable effects. This bug was badly reported in 249638, where I had this problem confounded with problems in ZMD in hard-to-reproduce ways. At least now the auditd bug is clean and easy to reproduce. NOTE: I have not checked SP1 to see if it is infected with this bug. Someone with access to an SP1 beta should do that very soon. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.