pam_tty_audit icanon log switch

Richard Guy Briggs rgb at redhat.com
Mon Apr 22 17:16:56 UTC 2013


On Thu, Apr 18, 2013 at 04:07:08PM -0400, Richard Guy Briggs wrote:
> On Thu, Apr 18, 2013 at 03:31:36PM -0400, Miloslav Trmač wrote:
> > Hello,
> > 
> > ----- Original Message -----
> > > Full replacement patch:
> > 
> > I'm still convinced that icanon is not the correct condition, see
> > https://www.redhat.com/archives/linux-audit/2013-March/msg00052.html .
> 
> That's a separate issue.  :)
> 
> I'll come back to that...

Ok, thank you for bringing me back to that.  And thank you for the test
case suggestions.  You are correct, !echo is needed too.  I've added it
back.

> > > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> > > index 9f096f1..a863669 100644
> > > --- a/include/uapi/linux/audit.h
> > > +++ b/include/uapi/linux/audit.h
> > > @@ -369,7 +369,8 @@ struct audit_status {
> > >  };
> > >  
> > >  struct audit_tty_status {
> > > -	__u32		enabled; /* 1 = enabled, 0 = disabled */
> > > +	__u32		enabled;	/* 1 = enabled, 0 = disabled */
> > > +	__u32		log_icanon;	/* 1 = enabled, 0 = disabled */
> > >  };
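
Review bot: the comment on the new `log_icanon` member of `struct audit_tty_status` repeats "1 = enabled, 0 = disabled" from `enabled` and does not say what is being enabled. Suggest stating the effect in the comment, for example that it controls whether tty input is logged while the terminal is in icanon mode, so the header is readable without the manpage. Separately, this is a uapi header and the added `__u32` grows the struct from one field to two; the hunk does not show how a caller built against the one-field layout is handled, so it is worth confirming the size check on the receiving side accepts the shorter structure and treats `log_icanon` as 0 in that case.
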
> > 
> > Also, would it make sense for the user-space API to be more general
> > about expressing the intent ("log passwords")?  I don't know, being
> > precise about the exact effect of the option is also beneficial.
> 
> Hmmm, I'll have to ponder that...

I am inclined to leave it named as is for precision.  The reason for the
option is covered in the manpage.  Can you suggest a better wording for
the manpage if you don't think it is clear enough?  A comment in the
source code wouldn't hurt though, now that you mention it.

> > Mirek
> 
> - RGB

- RGB

--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer
AMER ENG Base Operating Systems
Remote, Canada, Ottawa
Voice: 1.647.777.2635
Internal: (81) 32635



