[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] Fix acct quoting in audit_log_acct_message())



Eric Paris wrote:
it needs to stay an untrusted string, but its name, well yeah, that
doesn't tell us a whole lot, does it?

It's the untrusted string code which is the primary culprit. If we fixed audit so that *all* strings written by audit are formatted by exactly one string formatting routine and that routine is sane then 99.99% of the problems would go away. That was the thrust of my original email and what I was most concerned about. Perhaps unfortunately the email included some optional suggestions which is what some folks latched onto obscuring the real issue.
--
John Dennis <jdennis redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]