[PATCH] Fix acct quoting in audit_log_acct_message())
John Dennis
jdennis at redhat.com
Wed Mar 5 15:04:20 UTC 2008
>>> a) byte sequences with the following special characters encoded as %XX
>>> where XX is hexadecimal value of the encoded byte. Special characters
>>> are: bytes with value <= 0x20 or >= 0x7F, '%', '(', ')', and '='.
>> Perhaps we should reserve more characters for future features - at least
>> '"', '\'' and '\\', maybe everything but [a-zA-Z0-9_-].
Lets not invent YAES (Yet Another Encoding System). The world already
has enough :-) There is value in sticking with known encodings, many
programmers are instantly familiar with them and there is a raft of
working code to support them. Off the top of my head I can think of:
1) backslash escapes with embedded octals
2) quoted printable
3) base64
4) xml entities
I think log file readability is high on the list of desired properties,
that's why I would pick #1. If you're a sys-admin or a programmer you
can read it in your sleep for virtually every escaped string likely to
appear in audit data.
> But as Eric said the format of the AVC messages will not change. But
> then it doesn't make much sense to me to change the format thoroughly.
> Perhaps just changing the string enconding to be non ambiguous as John
> Dennis proposed would be enough.
Yes, I'm happy to just fix the encoding at this point, everything else
is just icing on the cake and not necessary. If any changes other than
fixing string encoding is going to imped acceptance then let's recognize
reality and move on. The other things would be nice, but aren't needed.
The string encoding has got to get fixed though.
--
John Dennis <jdennis at redhat.com>
More information about the Linux-audit
mailing list