get_field_str() and interpret_field() bug with multi-word fields

Eric Paris eparis at redhat.com
Tue Aug 12 23:01:23 UTC 2008


On Tue, 2008-08-12 at 23:10 +0100, Matthew Booth wrote:
> Steve Grubb wrote:
> > If somebody has a better idea/code in hand when we start the 2.0 code, I'd 
> > like to consider it. The pre-requisites are it has to be backward compatible, 
> > it has to handle unicode, it has to handle fields with odd characters.
> 
> I have thought for some time now that the kernel would do better to 
> produce binary records. This would have many advantages, including:
> 
> * Very simple parsing
> * Much faster to parse
> * Faster to produce
> * Much easier to specify
> 
> The production of text would then be the problem of the audit daemon. If 
> the current text based nightmare were frozen, they could even live 
> side-by-side.

I've heard this binary audit data talk before.  What would it actually
look like?

I'm perfectly fine if someone comes up with some patches that make
wholesale interface changes, but you better be d@m^ sure that I can run
that kernel on RHEL5 and it will work.

-Eric



