get_field_str() and interpret_field() bug with multi-word fields
Steve Grubb
sgrubb at redhat.com
Tue Aug 12 21:24:08 UTC 2008
On Tuesday 12 August 2008 17:09:18 John Dennis wrote:
> The fact you can have any combination of kernel, user code, and
> historical log files is precisely why this needs to be fixed ASAP. Why?
> Because there is no value in being backwards compatible with a data
> stream you can't read when any of the three components (kernel, user
> libraries, files) are permuted.

John, you are very wrong here. We are about to roll out remote logging for the
audit system. Anyone who works on production systems knows that they stay
deployed for many years because re-deploying takes man-hours and is therefore
a cost sink. The less you touch a system, the better off you are financially.
So, in the future you will likely have a RHEL6 machine aggregating RHEL5
machines. They will not be happy if they find that they have to upgrade all
the machines just to do reports. There's no way I'm going to tell people we
are cutting you off, you have to upgrade.
-Steve