audit-0.6.2 released
Steve Grubb
sgrubb at redhat.com
Wed Apr 27 22:02:40 UTC 2005
On Wednesday 27 April 2005 17:51, Chris Wright wrote:
> We know how long the buffer is, but the NULL byte is not in the buffer.
> So we either overwrite the last byte of the buffer, or the first byte of
> the next thing in memory.
I think the intent was to overwrite the last thing in the buffer. One of my
concerns has been that legally, paths can be 4096 bytes. There is a note in
the audit.c file that says we are limiting ourselves to 1024 bytes because of
printk limitations. So it we've accepted that we can't printk full file
names, what's wrong with losing 1 byte?
-Steve
More information about the Linux-audit
mailing list