audit-0.6.2 released
Chris Wright
chrisw at osdl.org
Wed Apr 27 22:12:17 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> On Wednesday 27 April 2005 17:51, Chris Wright wrote:
> > We know how long the buffer is, but the NULL byte is not in the buffer.
> > So we either overwrite the last byte of the buffer, or the first byte of
> > the next thing in memory.
>
> I think the intent was to overwrite the last thing in the buffer. One of my
> concerns has been that legally, paths can be 4096 bytes. There is a note in
> the audit.c file that says we are limiting ourselves to 1024 bytes because of
> printk limitations. So it we've accepted that we can't printk full file
> names, what's wrong with losing 1 byte?
I had hoped to find the actual bug (esp. since I'm not convinced it's
a vsprintf bug in kernel). Short of that, I agree, chopping off last
byte is doable.
thanks,
-chris
More information about the Linux-audit
mailing list