* Steve Grubb (sgrubb(a)redhat.com) wrote:
> On Wednesday 27 April 2005 17:51, Chris Wright wrote:
> > We know how long the buffer is, but the NULL byte is not in the buffer.
> > So we either overwrite the last byte of the buffer, or the first byte of
> > the next thing in memory.
> I think the intent was to overwrite the last thing in the buffer. One of my
> concerns has been that legally, paths can be 4096 bytes. There is a note in
> the audit.c file that says we are limiting ourselves to 1024 bytes because of
> printk limitations. So if we've accepted that we can't printk full file
> names, what's wrong with losing 1 byte?
I had hoped to find the actual bug (esp. since I'm not convinced it's
a vsprintf bug in kernel). Short of that, I agree, chopping off last
byte is doable.
thanks,
-chris