
Re: [PATCH] make it match explicitly when use option '-a', '-A' and '-d' to specify "list,action"



Hello,
Yu Zhiguo wrote on Fri, 18 Jul 2008 at 14:54 +0800:
> I know "list" and "action" can be changed, this is convenient.
No, it is undocumented.  As an author of system-config-audit I'd much
prefer if audit rejected such options; replicating the exact code in
auditctl in order to handle all undocumented behavior the same way as
auditctl is rather impractical.

> diff --git a/src/auditctl.c b/src/auditctl.c
> index 2c136ea..1aba437 100644
> --- a/src/auditctl.c
> +++ b/src/auditctl.c
> @@ -168,27 +168,34 @@ static void usage(void)
>   /* Returns 0 ok, 1 deprecated action, 2 error */
>   static int audit_rule_setup(const char *opt, int *flags, int *act)
>   {
> +	char *p;
> +	if ((strchr(opt, ',') != strrchr(opt, ',')) || !strchr(opt, ','))
> +		return 2;
> +
> +	p = strchr(opt, ',');
I think
	p = strchr(opt, ',');
	if (p == NULL || strchr(p + 1, ',') != NULL)
		return 2;
would be simpler.

> -	if (strstr(opt, "task"))
> +	if (!strncmp(opt, "task,", p - opt + 1) || !strcmp(p, ",task"))
>   		*flags = AUDIT_FILTER_TASK;
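Review bot: the added declaration `char *p;` at the top of audit_rule_setup() drops the const qualifier, since `p` is only ever set from `strchr(opt, ',')` and `opt` is `const char *`; declare it `const char *p;` so nothing can write into the caller's option string through it. In the rewritten `if`, the length `p - opt + 1` deliberately includes the comma so that a prefix such as "t," cannot match "task,", and a one-line comment saying so would save the next reader from re-deriving it.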
Each string should be recognized only in the documented position IMHO.
The patch also replaces case-sensitive matching by case-insensitive,
which is not described above.

If such changes in the semantics of the parameter are accepted, at
minimum the auditctl.8 man page should be updated as well.
	Mirek

