Re: auditd netlink headers

On Friday 29 April 2005 15:41, Chris Wright wrote: > We are (in theory, not sure about practice). The code was in a function called audit_listen that was removed after 0.6.4. > Say a exe path of > 990 bytes, or any payload of that size. That was my concern. Paths can be 4096 bytes. (which is another reason I wanted to see test cases with big filenames - to see what all breaks.) > You should get two fragments, and auditd drops them both. The second > I'm suspecting it's pure luck because NLMSG_OK() is looking a audit > data as a netlink header. It has to be coded differently. I'll see if I can create this problem by making a long pathname and accessing it while doing syscall auditing. -Steve

-- Linux-audit mailing list Linux-audit(a)redhat.com http://www.redhat.com/mailman/listinfo/linux-audit