[PATCH] Fix acct quoting in audit_log_acct_message())
John Dennis
jdennis at redhat.com
Tue Mar 4 20:57:46 UTC 2008
Tomas Mraz wrote:
> But even if the messages were parsable into a tree regardless of kernel
> version, for semantic understanding of the messages you'll still have to
> know which kernel generated them unless the semantics is set in stone
> for all possible messages.
Parsing and semantic interpretation are two distinct operations, both
have merit.
A library should be able to parse the data stream without producing errors.
This is not an abstract issue for me, I had to fix bugs which threw
serious exceptions because it could not determine if a value was a
string or binary data (e.g. hexadecimal encoded string). When it made
the wrong decision and tried to decode what it thought was hexadecimal
encoding it produced a horribly malformed string which violated UTF-8,
which then sent every library which was passed the string into the
weeds. Which by the way would include any library which might try to
interpret the semantic meaning of the string.
FWIW, I do not consider the ability to recognize a string as semantic
interpretation. Semantic interpretation would be interpreting the
string. Recognizing a string in a byte orientated data stream is parsing.
--
John Dennis <jdennis at redhat.com>
More information about the Linux-audit
mailing list