get_field_str() and interpret_field() bug with multi-word fields
Matthew Booth
mbooth at redhat.com
Tue Aug 12 22:10:40 UTC 2008
Steve Grubb wrote:
> If somebody has a better idea/code in hand when we start the 2.0 code, I'd
> like to consider it. The pre-requisites are it has to be backward compatible,
> it has to handle unicode, it has to handle fields with odd characters.
I have thought for some time now that the kernel would do better to
produce binary records. This would have many advantages, including:
* Very simple parsing
* Much faster to parse
* Faster to produce
* Much easier to specify
The production of text would then be the problem of the audit daemon. If
the current text based nightmare were frozen, they could even live
side-by-side.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
More information about the Linux-audit
mailing list