[PATCH] Fix acct quoting in audit_log_acct_message()

John Dennis jdennis at redhat.com
Tue Mar 4 22:32:38 UTC 2008


Eric Paris wrote:
> it needs to stay an untrusted string, but its name, well yeah, that
> doesn't tell us a whole lot, does it?

It's the untrusted string code which is the primary culprit. If we fixed 
audit so that *all* strings written by audit are formatted by exactly 
one string formatting routine and that routine is sane then 99.99% of 
the problems would go away. That was the thrust of my original email and 
what I was most concerned about. Perhaps unfortunately, the email
included some optional suggestions, which is what some folks latched onto,
obscuring the real issue.
-- 
John Dennis <jdennis at redhat.com>




More information about the Linux-audit mailing list