Eric Paris wrote:
> it needs to stay an untrusted string, but its name, well yeah, that
> doesn't tell us a whole lot, does it?

It's the untrusted string code which is the primary culprit. If we fixed
audit so that *all* strings written by audit are formatted by exactly
one string formatting routine, and that routine is sane, then 99.99% of
the problems would go away. That was the thrust of my original email and
what I was most concerned about. Perhaps unfortunately, the email
included some optional suggestions, which is what some folks latched onto,
obscuring the real issue.
--
John Dennis <jdennis(a)redhat.com>