[PATCH] make it match explicitly when use option '-a', '-A' and '-d' to specify "list,action"

Miloslav Trmač mitr at redhat.com
Fri Jul 18 08:49:13 UTC 2008


Hello,
Yu Zhiguo wrote on Fri, 18 Jul 2008 at 14:54 +0800:
> I know "list" and "action" can be changed, this is convenient.
No, it is undocumented.  As an author of system-config-audit I'd much
prefer if audit rejected such options; replicating the exact code in
auditctl in order to handle all undocumented behavior the same way as
auditctl is rather impractical.

> diff --git a/src/auditctl.c b/src/auditctl.c
> index 2c136ea..1aba437 100644
> --- a/src/auditctl.c
> +++ b/src/auditctl.c
> @@ -168,27 +168,34 @@ static void usage(void)
>   /* Returns 0 ok, 1 deprecated action, 2 error */
>   static int audit_rule_setup(const char *opt, int *flags, int *act)
>   {
> +	char *p;
> +	if ((strchr(opt, ',') != strrchr(opt, ',')) || !strchr(opt, ','))
> +		return 2;
> +
> +	p = strchr(opt, ',');
I think
	p = strchr(opt, ',');
	if (p == NULL || strchr(p + 1, ',') != NULL)
		return 2;
would be simpler.

> -	if (strstr(opt, "task"))
> +	if (!strncmp(opt, "task,", p - opt + 1) || !strcmp(p, ",task"))
>   		*flags = AUDIT_FILTER_TASK;
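
Review bot: The new `task` test still accepts the keyword on either side of the comma: `!strncmp(opt, "task,", p - opt + 1)` matches it as the first field and `!strcmp(p, ",task")` as the second, so both orderings of the pair set AUDIT_FILTER_TASK. If the aim is explicit matching, compare each field only in one position and return 2 otherwise. Separately, `p` receives the result of `strchr(opt, ',')` on a `const char *opt`, so it should be declared `const char *p`, and the check above it scans `opt` for a comma three times before `p` is assigned.
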
Each string should be recognized only in the documented position IMHO.
The patch also replaces case-sensitive matching by case-insensitive,
which is not described above.

If such changes in the semantics of the parameter are accepted, at
minimum the auditctl.8 man page should be updated as well.
	Mirek
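
An added example, not code from the patch or from auditctl: a strict parser for the "list,action" argument that uses the single-comma check suggested above and accepts each keyword only in its own position, by exact case-sensitive comparison. The enum values and every keyword other than "task" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the kernel's filter-list and action constants. */
enum { F_TASK, F_ENTRY, F_EXIT, F_USER, F_EXCLUDE, A_NEVER, A_ALWAYS };
struct kw { const char *name; int val; };
/* "task" appears in the thread; the other keywords are assumptions to be
 * checked against the installed auditctl.8. */
static const struct kw lists[] = { { "task", F_TASK }, { "entry", F_ENTRY },
	{ "exit", F_EXIT }, { "user", F_USER }, { "exclude", F_EXCLUDE } };
static const struct kw actions[] = { { "never", A_NEVER }, { "always", A_ALWAYS } };
#define N(t) (sizeof(t) / sizeof((t)[0]))

/* Exact, case-sensitive match of the len-byte field s against a table. */
static int lookup(const struct kw *t, size_t n, const char *s, size_t len)
{
	for (size_t i = 0; i < n; i++)
		if (strlen(t[i].name) == len && memcmp(t[i].name, s, len) == 0)
			return t[i].val;
	return -1;
}

/* Returns 0 ok, 2 error: exactly one comma, list first, action second. */
static int strict_rule_setup(const char *opt, int *flags, int *act)
{
	const char *p = strchr(opt, ',');
	int f, a;
	if (p == NULL || strchr(p + 1, ',') != NULL)
		return 2;
	f = lookup(lists, N(lists), opt, (size_t)(p - opt));
	a = lookup(actions, N(actions), p + 1, strlen(p + 1));
	if (f < 0 || a < 0)
		return 2;
	*flags = f;
	*act = a;
	return 0;
}

int main(void)
{
	/* Constructed inputs: valid, swapped, substring, extra comma, wrong case. */
	const char *in[] = { "task,always", "always,task", "xtaskx,always",
			     "task,always,never", "Task,always" };
	for (size_t i = 0; i < N(in); i++) {
		int f = -1, a = -1;
		printf("%-18s -> %d\n", in[i], strict_rule_setup(in[i], &f, &a));
	}
	return 0;
}
```

Only the first constructed input is accepted; a front end that generates rules can then rely on one accepted spelling per rule instead of mirroring substring matching.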