[redhat-lspp] cups uds and lspp patches
Steve Grubb
sgrubb at redhat.com
Fri Mar 17 17:27:07 UTC 2006
On Friday 17 March 2006 11:59, Matt Anderson wrote:
> > OK, I added a section to the audit parser library specification. You can
> > find it here: http://people.redhat.com/sgrubb/audit/audit-parse.txt
>
> This looks like a good resource. Thanks for pulling it together.
Sure just updated it again...missed a few.
> > I got to thinking about this last night, I think what we need is uid &
> > auid. Actual text names is used only when there is no good way to get the
> > uid.
>
> Given the way the username is passed in I'd be hesitant to convert it to
> a uid and report that as fact.
OK, then I would agree. One question, is this the user's name or the account.
IOW, if they login as "xyz" and that account has "John Q. Public" associated
with the account, which gets printed? If its xyz, then use "acct=". Otherwise
I guess you can use "user=". In that case, the string may need to be encoded
so that its kept together by the parser.
> > Which reminds me...I don't recall seeing the file name that is being
> > printed. Is that something that is needed?
>
> I don't believe so. For one thing it would be passed in untrusted. The
> important part is its label which can be trusted.
Somehow I think people would expect to be able to find out what was printed.
Just seeing that something top secret printed on the top secret printer by a
user at a certain time doesn't really tell you much. hmm...
Thanks,
-Steve
More information about the redhat-lspp
mailing list