Quoting Steve Grubb <sgrubb(a)redhat.com>:
On Monday 17 August 2009 10:49:55 am David Flatley wrote:
<snip>
> The SECSCAN requires many -w (watches) and a fair amount of syscalls. I
> modified the syscalls to add your recommendation for using "arch=b32" and
> "arch=b64".
Are there any public references to this standard?

No, there are not. The SECSCN Linux audit checking module was
something I hacked together in a vacuum a couple of years ago. The
"theory" was to try to satisfy DCID 6/3 auditing requirements at the
time. Not sure if the code has been modified since then; it was a
"best guess, first cut" standard at the time. I am checking with the
current development team to see if they've made any significant
changes since then.
Dave Muran-de Assereto