[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] Fix acct quoting in audit_log_acct_message())



 a) byte sequences with the following special characters encoded as %XX
where XX is hexadecimal value of the encoded byte. Special characters
are: bytes with value <= 0x20 or >= 0x7F, '%', '(', ')', and '='.
Perhaps we should reserve more characters for future features - at least
'"', '\'' and '\\', maybe everything but [a-zA-Z0-9_-].

Lets not invent YAES (Yet Another Encoding System). The world already has enough :-) There is value in sticking with known encodings, many programmers are instantly familiar with them and there is a raft of working code to support them. Off the top of my head I can think of:

1) backslash escapes with embedded octals
2) quoted printable
3) base64
4) xml entities

I think log file readability is high on the list of desired properties, that's why I would pick #1. If you're a sys-admin or a programmer you can read it in your sleep for virtually every escaped string likely to appear in audit data.

But as Eric said the format of the AVC messages will not change. But
then it doesn't make much sense to me to change the format thoroughly.
Perhaps just changing the string enconding to be non ambiguous as John
Dennis proposed would be enough.

Yes, I'm happy to just fix the encoding at this point, everything else is just icing on the cake and not necessary. If any changes other than fixing string encoding is going to imped acceptance then let's recognize reality and move on. The other things would be nice, but aren't needed. The string encoding has got to get fixed though.

--
John Dennis <jdennis redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]