get_field_str() and interpret_field() bug with multi-word fields

Matteo Michelini matteo.michelini at gmail.com
Fri Aug 15 15:27:42 UTC 2008


2008/8/15, Steve Grubb <sgrubb at redhat.com>:
> On Friday 15 August 2008 09:58:54 Matteo Michelini wrote:
>> I'm working on a binary format for the linux-audit system as part of a
>> university research project.
>
> Big-endian/little-endian in aggregated logs? Will the kernel authors allow the
> encoder in the kernel? XDR was the only option we had last time. Versioning
> of structs? How do old user space tools work with new kernel that may change
> layout? Patents?
>
I must design and implement something that is really close to the
FreeBSD BSM implementation, because in userspace we have a tool (an
IDS) that works with BSM trails format only.
I'm designing the patch with the big-endian encoding format.
My idea is only to add this capability to the existing text-based format.
The FreeBSD BSM implementation is BSD licensed.

> -Steve
>


-- 
Matteo Michelini (Milan - Italy)
http://www.michelini.co.uk
Linux registered user: #332873