[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [patch] Syscall auditing - move "name=" field to the end




> I don't think this patch is enough -- either we need to escape the text
> completely or just dump it as hex instead of a string. One option would
> be to dump it in quotes as a string if all chars in the string are in
> the range 0x20-0x7e, and as hex otherwise. That slightly complicates the
> parsing, but not by much, and still gives you plain text in the majority
> of cases while protecting against abuse.


Dumping in hex instead of string would have a testing impact. Using a string in quotes would be a
smaller hit, but there still would be additional impact to test the "hex otherwise" case.



Kris Wilson
Linux Security
(512) 838-0126 T/L:678-0126
krisw us ibm com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]