[PATCH] execve argument logging

Valdis.Kletnieks at vt.edu
Fri Apr 21 20:19:09 UTC 2006


On Fri, 21 Apr 2006 09:20:10 EDT, Steve Grubb said:
> To give some background...we have this open bugzilla:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168285
> 
> It was agreed last summer that this would be useful for people. It has nothing 
> to do with CAPP certification, so it was put on the back burner. No one had 
> the time to complete it until now. What the patch does is collect the string 
> arguments to execve and log them as an auxiliary record. It was also put
> onto the linux-audit mail list as a proposal, item #1 here:
> 
> https://www.redhat.com/archives/linux-audit/2005-September/msg00061.html

Does this allow an attacker to DoS the audit log by creating a fork/exec loop
intentionally invoking a totally duff binary, but that includes a very long argument?

Maybe a "first 32/64 bytes of each argument" limit is needed?  Or is there one
there and I missed it?
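
The limit asked about above, sketched as a user-space C example that is added here and is not code from the patch or from the poster: each argument is cut to its first `ARG_CAP` bytes and the record as a whole is bounded too, since a per-argument cap alone does not bound a record built from many arguments. The names `ARG_CAP`, `append_arg`, `format_exec_record` and the `argN(LEN)="..."` field layout are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ARG_CAP 32  /* assumed limit: low end of the suggested "32/64 bytes" */

/* Append argument n as argN(LEN)="first ARG_CAP bytes"; LEN is the original
 * length, so truncation stays visible. Control bytes and quotes become '?'
 * to keep the record on one line. Field naming is hypothetical. Returns the
 * new record length, or the old one if the field does not fit. */
static size_t append_arg(char *rec, size_t recsz, size_t len, int n, const char *arg)
{
    char buf[ARG_CAP + 1];
    size_t full = strlen(arg);
    size_t keep = full < ARG_CAP ? full : ARG_CAP;
    for (size_t i = 0; i < keep; i++) {
        unsigned char c = (unsigned char)arg[i];
        buf[i] = (isprint(c) && c != '"') ? (char)c : '?';
    }
    buf[keep] = '\0';
    int w = snprintf(rec + len, recsz - len, "%sarg%d(%zu)=\"%s\"",
                     len ? " " : "", n, full, buf);
    if (w < 0 || (size_t)w >= recsz - len) {
        rec[len] = '\0';            /* drop the partial field */
        return len;
    }
    return len + (size_t)w;
}

/* Build one record for argv; output never exceeds recsz bytes, whatever argv holds. */
size_t format_exec_record(char *rec, size_t recsz, char *const argv[])
{
    size_t len = 0;
    if (recsz == 0) return 0;
    rec[0] = '\0';
    for (int n = 0; argv[n] != NULL; n++) {
        size_t next = append_arg(rec, recsz, len, n, argv[n]);
        if (next == len) break;     /* record full: stop, do not grow */
        len = next;
    }
    return len;
}

int main(void)
{
    char big[4097], rec[256];       /* big: constructed 4096-byte argument */
    memset(big, 'A', 4096); big[4096] = '\0';
    char *args[] = { "/bin/duff", big, NULL };
    format_exec_record(rec, sizeof rec, args); puts(rec);
    return 0;
}
```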