Re: get_field_str() and interpret_field() bug with multi-word fields
On Tue, 2008-08-12 at 23:10 +0100, Matthew Booth wrote:
Steve Grubb wrote:
> If somebody has a better idea/code in hand when we start the 2.0 code, I'd
> like to consider it. The pre-requisites are it has to be backward compatible,
> it has to handle unicode, it has to handle fields with odd characters.
I have thought for some time now that the kernel would do better to
produce binary records. This would have many advantages, including:
* Very simple parsing
* Much faster to parse
* Faster to produce
* Much easier to specify
The production of text would then be the problem of the audit daemon. If
the current text based nightmare were frozen, they could even live
side-by-side.
I've heard this binary audit data talk before. What would it actually
look like?
I'm perfectly fine if someone comes up with some patches that make
wholesale interface changes, but you better be d@m^ sure that I can run
that kernel on RHEL5 and it will work.
-Eric