| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 20 Sep 2008 17:01:44 +0200 From: Jiri Pirko <jpirko@...hat.com> To: Andrew Morton <akpm@...ux-foundation.org> Cc: linux-kernel@...r.kernel.org Subject: Re: [PATCH] audit: removed bogus newline On Fri, 19 Sep 2008 14:38:47 -0700 Andrew Morton <akpm@...ux-foundation.org> wrote: > On Fri, 19 Sep 2008 16:51:46 +0200 > Jiri Pirko <jpirko@...hat.com> wrote: > > > Hi. > > > > PATH records, as output by the kernel, contain a newline after the > > flags fields, which is in the middle of the record. EXECVE records > > contain a newline after every argument. auditd seems to hide this, > > but they're there nevertheless. If you're not using auditd, you > > need to work round them. > > > > What do you think about it? > > > > It would be easier to understand your proposal if you were to include > before- and after- samples of the log record. > record before: "argc=4 a0=\"./test\"\na1=\"a\"\na2=\"b\"\na3=\"c\"\n" record after: "argc=4 a0=\"./test\" a1=\"a\" a2=\"b\" a3=\"c\" " auditd converts "\n" to " ". But if you are reading this directly, you must count with it. These "\n" are completely worthless and do not appear in any other type of audit records. To be 100% correct here comes the patch that replaces previous. This removes also the space on the very end of the record: Signed-off-by: Jiri Pirko <jpirko@...hat.com> diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 59cedfb..f6c7f09 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1111,6 +1111,8 @@ static int audit_log_single_execve_arg(struct audit_context *context, buf[to_send] = '\0'; /* actually log it */ + if (arg_num) + audit_log_format(*ab, " "); audit_log_format(*ab, "a%d", arg_num); if (too_long) audit_log_format(*ab, "[%d]", i); @@ -1119,7 +1121,6 @@ static int audit_log_single_execve_arg(struct audit_context *context, audit_log_n_hex(*ab, buf, to_send); else audit_log_format(*ab, "\"%s\"", buf); - audit_log_format(*ab, "\n"); p += to_send; len_left -= to_send; > > > > > > > Signed-off-by: Jiri Pirko <jpirko@...hat.com> > > > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > index 59cedfb..bf10cb0 100644 > > --- a/kernel/auditsc.c > > +++ b/kernel/auditsc.c > > @@ -1119,7 +1119,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, > > audit_log_n_hex(*ab, buf, to_send); > > else > > audit_log_format(*ab, "\"%s\"", buf); > > - audit_log_format(*ab, "\n"); > > + audit_log_format(*ab, " "); > > > > p += to_send; > > len_left -= to_send; > > Is no newline needed after this loop has terminated? No newline is not needed on the end. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists