[patch] Syscall auditing - move "name=" field to the end
Kris Wilson
krisw at us.ibm.com
Thu Mar 17 18:08:44 UTC 2005
> I don't think this patch is enough -- either we need to escape the text
> completely or just dump it as hex instead of a string. One option would
> be to dump it in quotes as a string if all chars in the string are in
> the range 0x20-0x7e, and as hex otherwise. That slightly complicates the
> parsing, but not by much, and still gives you plain text in the majority
> of cases while protecting against abuse.
Dumping in hex instead of string would have a testing impact. Using a
string in quotes would be a
smaller hit, but there still would be additional impact to test the "hex
otherwise" case.
Kris Wilson
Linux Security
(512) 838-0126 T/L:678-0126
krisw at us.ibm.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050317/97043277/attachment.htm>
More information about the Linux-audit
mailing list