From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tomas Mraz
Subject: Re: pam_tty_audit icanon log switch
Date: Mon, 29 Apr 2013 09:14:18 +0200
Message-ID: <1367219658.19498.6.camel@vespa.frost.loc>
References: <20130322054636.GA18911@madcap2.tricolour.ca> <1363936771.12964.103.camel@vespa.frost.loc> <20130426174213.GE6907@madcap2.tricolour.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20130426174213.GE6907@madcap2.tricolour.ca>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List
List-Id: linux-audit@redhat.com

On Fri, 2013-04-26 at 13:42 -0400, Richard Guy Briggs wrote:
> On Fri, Mar 22, 2013 at 08:19:31AM +0100, Tomas Mraz wrote:
> > On Fri, 2013-03-22 at 01:46 -0400, Richard Guy Briggs wrote:
> > > Hi folks,
> > >
> > > There's been a couple of requests to add a switch to pam_tty_audit to
> > > *not* log passwords when logging user commands.
> > >
> > > Most commands are entered one line at a time and processed as complete
> > > lines in non-canonical mode. Commands that interactively require a
> > > password, enter canonical mode to do this. This feature (icanon) can be
> > > used to avoid logging passwords by audit while still logging the rest of
> > > the command.
> > >
> > > Adding a member to the struct audit_tty_status passed in by
> > > pam_tty_audit allows control of canonical mode per task.
> > >
> >
> > For the upstream inclusion of the pam_tty_audit patch you will need to
> > add a detection of the new member of the struct audit_tty_status in the
> > configure.in and #ifdef the code properly. The new option can be kept
> > even in the case the new member is not available, but it should log a
> > warning into the syslog with pam_syslog() when used. The documentation
> > should reflect the fact that the option might not be available on old
> > kernels as well.
>
> Tomas,
>
> Please have a look at this patch and see if this addresses the issues
> you raised:

Yes, this is fine and can be submitted to Linux-PAM upstream for review
once the whole patch is final.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb