From mboxrd@z Thu Jan 1 00:00:00 1970 From: Miloslav =?UTF-8?Q?Trma=C4=8D?= Subject: Re: [PATCH] make it match explicitly when use option '-a', '-A' and '-d' to specify "list,action" Date: Fri, 18 Jul 2008 08:49:13 +0000 Message-ID: <1216370953.2664.23.camel@amilo> References: <48803E3C.4060209@cn.fujitsu.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <48803E3C.4060209@cn.fujitsu.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Yu Zhiguo Cc: audit-list List-Id: linux-audit@redhat.com Hello, Yu Zhiguo p=C3=AD=C5=A1e v P=C3=A1 18. 07. 2008 v 14:54 +0800: > I know "list" and "action" can be changed, this is convenient. No, it is undocumented. As an author of system-config-audit I'd much prefer if audit rejected such options, replicating the exact code in auditctl in order to handle all undocumented behavior the same way as auditctl is rather impractical. > diff --git a/src/auditctl.c b/src/auditctl.c > index 2c136ea..1aba437 100644 > --- a/src/auditctl.c > +++ b/src/auditctl.c > @@ -168,27 +168,34 @@ static void usage(void) > /* Returns 0 ok, 1 deprecated action, 2 error */ > static int audit_rule_setup(const char *opt, int *flags, int *act) > { > + char *p; > + if ((strchr(opt, ',') !=3D strrchr(opt, ',')) || !strchr(opt, ',')) > + return 2; > + > + p =3D strchr(opt, ','); I think p =3D strchr(opt, ','); if (p =3D=3D NULL || strchr(p + 1, ',') !=3D NULL) return 2; would be simpler. > - if (strstr(opt, "task")) > + if (!strncmp(opt, "task,", p - opt + 1) || !strcmp(p, ",task")) > *flags =3D AUDIT_FILTER_TASK; Each string should be recognized only in the documented position IMHO. The patch also replaces case-sensitive matching by case-insensitive, which is not described above. If such changes in the semantics of the parameter are accepted, at minimum the auditctl.8 man page should be updated as well. Mirek