[RFC] Comments on audit command line failure
William Roberts
bill.c.roberts at gmail.com
Tue Jan 7 15:54:11 UTC 2014
On Jan 6, 2014 7:38 PM, "William Roberts" <bill.c.roberts at gmail.com> wrote:
>
> I've been doing some testing of the recent audit cmdline patches,
> notably as many as the error paths as I can.
>
> On a failure, the field is populated with null, like when key is null.
> However, it has quotes, should I drop the quotes...
>
> Example:
>
> Now:
> cmdline="(null)" key=(null)
>
> Proposed:
> cmdline=(null) key=(null)
>
>
> I noticed that tty if its null also does not have quotes.
Also, I was ensuring that the end of cmdline was null terminated before
adding it to the audit buffer. That code is something like:
buf[res-1]=\0
Suppose buf is just a single character. Its within bounds but now gets
clobbered with a null byte? Should I handle this case?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140107/7c9f4a60/attachment.htm>
More information about the Linux-audit
mailing list