Problem Description:
When auditing a system call executed via ptrace(PT_SC_REMOTE),
the kernel passed the return value of an internal setup function
to AUDIT_SYSCALL_EXIT() rather than the actual result of the executed
system call. As a result, committed audit records for system calls
which returned an error do not reflect the true outcome of the
operation. That is, they indicate that the operation succeeded
when it in fact failed.
Impact:
Audit records for system calls executed via ptrace(PT_SC_REMOTE)
may show an incorrect error status. An attacker with the ability
to debug a process could use this to produce misleading audit trails,
potentially undermining audit-based Intrusion Detection Systems
(IDS).