get_field_str() and interpret_field() bug with multi-word fields

John Dennis jdennis at redhat.com
Tue Aug 12 21:09:18 UTC 2008


Steve Grubb wrote:
> On Tuesday 12 August 2008 16:11:42 Eric Paris wrote:
>   
>> As soon as you grasp that article send me the code and we'll work
>> together to fix this problem!
>>     
>
> And any code created needs to be backwards compatible. You could have new user 
> space/new kernel, or new user space/old kernel, and new kernel/old user 
> space.

The fact you can have any combination of kernel, user code, and 
historical log files is precisely why this needs to be fixed ASAP. Why? 
Because there is no value in being backwards compatible with a data 
stream you can't read when any of the three components (kernel, user 
libraries, files) are permuted.

The longer we archive log data with this problem the worse the problem 
gets. The fact that the triplet <kernel, user libraries, file> has to be in 
sync is untenable in the long run.

> You have no way of dictating which versions of anything people will 
> use.
>
>   
Thank you for making my point :-)
> -Steve
>   

-- 
John Dennis <jdennis at redhat.com>
