From: Steve Grubb <sgrubb@redhat.com>
To: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com, a.p.zijlstra@chello.nl
Subject: Re: [PATCH 2/2] Audit: remove the limit on execve arguments when audit is running
Date: Fri, 5 Oct 2007 11:44:57 -0400 [thread overview]
Message-ID: <200710051144.58454.sgrubb@redhat.com> (raw)
In-Reply-To: <1191597087.3198.7.camel@dhcp231-215.rdu.redhat.com>
On Friday 05 October 2007 11:11:27 Eric Paris wrote:
> My belief is that the solution to this problem is to allow audit to
> break individual arguments down to a size <8k. I guess my syntax would
> be something like
>
> a0[0]=(first 8k of a single huge argument)
> a0[1]=(second 8k of a single huge argument)
Sure go ahead. Also be sure to test with something that has spaces in the args
to see what happens when the argument gets encoded. I think this will be so
rare that no one will ever see it in practice. Either getopt or the shell
will probably limit the argument size.
I don't recall if the MAX size limit was a define in the previous patch. If
not, I'd suggest making it a define. I can make the audit buffers bigger at
some point, but we'll have to recompile everything that links with libaudit.
So, I'd want to hold off until there is a soname number bump just to make
sure everything gets recompiled. So, a define would allow us to easily raise
the kernel side after user space has been changed for a while.
-Steve
next prev parent reply other threads:[~2007-10-05 15:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-02 21:29 [PATCH 2/2] Audit: remove the limit on execve arguments when audit is running Eric Paris
2007-10-03 16:56 ` Peter Zijlstra
2007-10-05 15:11 ` Eric Paris
2007-10-05 15:44 ` Steve Grubb [this message]
2007-10-08 19:45 ` Klaus Weidner
2007-10-08 21:41 ` Steve Grubb
2007-10-08 22:45 ` Linda Knippers
2007-10-09 0:17 ` Steve Grubb
2007-10-09 2:34 ` Linda Knippers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200710051144.58454.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=a.p.zijlstra@chello.nl \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.