[Midnightbsd-cvs] [MidnightBSD/src] 8c7ff5: audit: Fix incorrect audit records for ptrace(PT_S...
Lucas Holt
noreply at github.com
Tue Jun 30 21:31:46 EDT 2026
Branch: refs/heads/stable/4.1
Home: https://github.com/MidnightBSD/src
Commit: 8c7ff51ac6fc86bfa9b3cb350af90c57da7b1a2c
https://github.com/MidnightBSD/src/commit/8c7ff51ac6fc86bfa9b3cb350af90c57da7b1a2c
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-30 (Tue, 30 Jun 2026)
Changed paths:
M sys/kern/kern_sig.c
Log Message:
-----------
audit: Fix incorrect audit records for ptrace(PT_SC_REMOTE) syscalls
When auditing a system call executed via ptrace(PT_SC_REMOTE), the kernel
passed the return value of the internal setup logic (error) to
AUDIT_SYSCALL_EXIT() rather than the actual result of the executed system
call (tsr->ts_ret.sr_error). As a result, committed audit records for
remotely executed system calls that failed incorrectly indicated success.
An attacker able to debug a process could exploit this to produce
misleading audit trails, potentially undermining audit-based IDS.
Ported from the FreeBSD fix for SA-26:45.audit (FreeBSD commit
1763deb84ba9), by Kyle Evans.
Security: FreeBSD-SA-26:45.audit
Security: CVE-2026-49426
Obtained from: FreeBSD
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply at anthropic.com>
Commit: b13b1d8e384293b8d148d60f9450a50de0372d56
https://github.com/MidnightBSD/src/commit/b13b1d8e384293b8d148d60f9450a50de0372d56
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-30 (Tue, 30 Jun 2026)
Changed paths:
M UPDATING
Log Message:
-----------
UPDATING: Note SA-26:45.audit fix
Security: FreeBSD-SA-26:45.audit
Security: CVE-2026-49426
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply at anthropic.com>
Compare: https://github.com/MidnightBSD/src/compare/8415134c9b61...b13b1d8e3842
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications
More information about the Midnightbsd-cvs
mailing list