Hello,
Yu Zhiguo píše v Pá 18. 07. 2008 v 14:54 +0800:
I know "list" and "action" can be changed, this
is convenient.
No, it is undocumented. As an author of system-config-audit I'd
much
prefer if audit rejected such options, replicating the exact code in
auditctl in order to handle all undocumented behavior the same way as
auditctl is rather impractical.
diff --git a/src/auditctl.c b/src/auditctl.c
index 2c136ea..1aba437 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -168,27 +168,34 @@ static void usage(void)
/* Returns 0 ok, 1 deprecated action, 2 error */
static int audit_rule_setup(const char *opt, int *flags, int *act)
{
+ char *p;
+ if ((strchr(opt, ',') != strrchr(opt, ',')) || !strchr(opt,
','))
+ return 2;
+
+ p = strchr(opt, ',');
I think
p = strchr(opt, ',');
if (p == NULL || strchr(p + 1, ',') != NULL)
return 2;
would be simpler.
- if (strstr(opt, "task"))
+ if (!strncmp(opt, "task,", p - opt + 1) || !strcmp(p, ",task"))
*flags = AUDIT_FILTER_TASK;
Each string should be recognized only in the
documented position IMHO.
The patch also replaces case-sensitive matching by case-insensitive,
which is not described above.
If such changes in the semantics of the parameter are accepted, at
minimum the auditctl.8 man page should be updated as well.
Mirek